-----Original Message-----
>From: Wim Lewis <w...@omnigroup.com>
>Sent: Jul 28, 2010 6:33 PM
>To: openssl-users@openssl.org
>Subject: Re: Simulating Mac keychain CSR with OpenSSL
>Well, I haven't tried submitting an OpenSSL-generated CSR to Apple, but the
>CertificateAssistant-generated CSR looks pretty normal. I have a vague memory
>that Apple's fussy about the key type; are you using a 2048-bit RSA key?
>
>I ran asn1parse on a successfully-submitted-to-Apple CSR and I see this
>structure:
>
>[
> version = v1
> subject = { emailAddress = IA5STRING, commonName = UTF8STRING, countryName =
> PRINTABLESTRING }
> subjectPKInfo = [ [ rsaEncryption, NULL ], the usual key parameters,
> e=65537, m ~ 2^2048 ]
> attributes = empty sequence
>]
>
>signed using sha1WithRSAEncryption.
Ah, the key length was one variation I did not try. Thanks. Will give it
another go shortly.
>> I don't like mysteries, and don't being locked into one platform.
>
>Understandable, though I think that once you're using Apple's notification
>service for your iPhones, the way you generate your X.509 key is the least of
>your lockin worries. :)
Hehe, don't get me started. ;)
Thanks,
Todd
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
