I'm new to OpenSSL, and unfortunately I picked as a first challenge something
that seems a bit more advanced, so I was hoping I might be able to get some
help from the more experienced and knowledgeable folks on this board.

I need to generate a certificate that can be used for Windows logon with a
smartcard, and having tried to follow about half a dozen different
fragmentary forum threads, I am stuck with the following, not sure how to
move forward.

To my /etc/ssl/openssl.cnf file I added the following section:

__________________________
[smart_cert]

basicConstraints=CA:FALSE
keyUsage = digitalSignature, keyEncipherment

subjectKeyIdentifier = hash
authorityKeyIdentifier=keyid,issuer

extendedKeyUsage=clientAuth,1.3.6.1.4.1.311.20.2.2

1.3.6.1.4.1.311.20.2 = DER:1E1C0053006D0061007200740063006100720064004C006F0067006F006E
subjectAltName = DER:3021A01F060A2B060104018237140203A0110C0F7573657240646F6D61696E2E636F6D

crlDistributionPoints = URI:http://192.168.57.100/cert/cert.crl
__________________________

I then run:

openssl req -x509 -nodes -days 4 -newkey rsa:2048 -keyout test.pem -out test.pem -reqexts smart_card

openssl pkcs12 -export -out test.pfx -in test.pem -name "test certificate"

Neither of these gives any errors indicating that there was a problem with
the [smart_card] section of my openssl.cnf.  Unfortunately, my smart card
tells me that this certificate does not have the ability to log on.

What am I missing here?  Or am I completely off track?

Thank you very much,

Nate B.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
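
Added example, not part of the original post: a small Python decoder for the two DER: values in the config section above. It shows what each one places in the certificate: a BMPString template name under 1.3.6.1.4.1.311.20.2, and a subjectAltName otherName carrying a type OID and a UTF8String. The function names are hypothetical, and only definite-length DER is handled.

```python
# Added example: minimal DER walker for the two DER: values quoted in the post.
TEMPLATE_HEX = "1E1C0053006D0061007200740063006100720064004C006F0067006F006E"
SAN_HEX = "3021A01F060A2B060104018237140203A0110C0F7573657240646F6D61696E2E636F6D"

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the TLV that starts at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("TLV length runs past the end of the buffer")
    return tag, buf[pos:end], end

def decode_oid(value):
    """Decode OID content bytes to dotted form (first arc 0 or 1 assumed)."""
    arcs = [value[0] // 40, value[0] % 40]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)  # base-128, high bit marks continuation
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def decode_template(hex_value):
    """Decode the BMPString (UTF-16BE) value of the template-name extension."""
    tag, value, _ = read_tlv(bytes.fromhex(hex_value), 0)
    if tag != 0x1E:
        raise ValueError("expected BMPString (tag 0x1E)")
    return value.decode("utf-16-be")

def decode_san(hex_value):
    """Return [(type-id OID, string)] for each otherName in a GeneralNames."""
    tag, names, _ = read_tlv(bytes.fromhex(hex_value), 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE (tag 0x30)")
    out, pos = [], 0
    while pos < len(names):
        tag, other, pos = read_tlv(names, pos)
        if tag == 0xA0:  # [0] otherName; other GeneralName types are skipped
            _, oid, nxt = read_tlv(other, 0)
            _, wrapped, _ = read_tlv(other, nxt)  # [0] EXPLICIT wrapper
            _, text, _ = read_tlv(wrapped, 0)     # string inside the wrapper
            out.append((decode_oid(oid), text.decode("utf-8")))
    return out
```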
