I have a CA on a Debian host that works fine and uses scripts in openssl.

I have a 2003 Server with an HTTPS site. It has its own certificate generated by
this CA.

When an XP client connects to this site with "http://www.secure.local", a message
shows me that I am trying to connect to a secure site.

My problem: I modified the configuration of my server: I now want clients to
authenticate themselves.

When an XP client connects to this site with "http://www.secure.local", a message
shows me that I have to select a certificate to authenticate myself. In this
window, no certificate appears.

But a certificate for my user has been generated by the CA and installed in
the web browser. This certificate is also in the MMC with all the other
certificates. The certificate is good, with the certificate of the CA.

With a certificate created by the Microsoft CA (with the web site "certsrv"), all
is fine: the window shows me user certificates. I only have to select one to
connect to the secure web site.

I've compared the two certificates, and I've only found one difference: in the
Microsoft user certificate, I have:
"use of the key: cypher of data (f0)" (translated from French). In my
certificate generated with openssl, I don't have this line.

Here is a part of the file used to generate user certificate:

---------------------------
keyUsage                 = digitalSignature, nonRepudiation, keyEncipherment
extendedKeyUsage         = clientAuth, emailProtection
nsCertType               = client, email
---------------------------
I don't see anything like "cypher of data". What should I write to add this? Does
my problem come from this point?

Is this good for an XP client with an HTTPS site?

If I use this certificate with Outlook, all is fine.

Thanks for all.

Best regards.
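
An added example, not part of the original post: it encodes the keyUsage line from the post as the DER BIT STRING stored in the certificate and compares it with the "(f0)" value quoted for the Microsoft certificate, using the RFC 5280 bit order. It assumes "(f0)" is the content byte of the KeyUsage bit string as Windows displays it; the function names and the sample bytes are constructed for illustration.

```python
# RFC 5280 KeyUsage names in bit order; bit 0 is the most significant bit of
# the first content byte. These are also the keywords openssl.cnf accepts.
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
]

def parse_config_line(line):
    """Return the usage keywords from a 'keyUsage = a, b, c' config line."""
    return [v.strip() for v in line.split("=", 1)[1].split(",") if v.strip()]

def encode_key_usage(names):
    """Encode usage keywords as the DER BIT STRING stored in the extension."""
    bits = 0
    for name in names:
        bits |= 1 << (15 - KEY_USAGE_BITS.index(name))
    if bits == 0:
        raise ValueError("no key usage bits set")
    payload = bits.to_bytes(2, "big")
    if payload[1] == 0:              # DER drops a trailing all-zero byte
        payload = payload[:1]
    last = payload[-1]
    unused = (last & -last).bit_length() - 1   # count of trailing zero bits
    return bytes([0x03, len(payload) + 1, unused]) + payload

def decode_key_usage(der):
    """Decode a DER KeyUsage BIT STRING back into usage keywords."""
    if len(der) < 4 or der[0] != 0x03 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER BIT STRING")
    unused, payload = der[2], der[3:]
    if unused > 7 or payload[-1] & ((1 << unused) - 1):
        raise ValueError("invalid unused-bit count or non-zero padding")
    return [name for i, name in enumerate(KEY_USAGE_BITS)
            if i // 8 < len(payload) and payload[i // 8] & (0x80 >> (i % 8))]

def missing_usages(config_line, reference_der):
    """Usages present in the reference certificate but not in the config."""
    configured = set(parse_config_line(config_line))
    return [n for n in decode_key_usage(reference_der) if n not in configured]

# keyUsage line copied from the post.
POST_LINE = "keyUsage                 = digitalSignature, nonRepudiation, keyEncipherment"
# Constructed sample: BIT STRING whose content byte is the "(f0)" from the post.
MS_KEY_USAGE = bytes.fromhex("030204f0")

if __name__ == "__main__":
    print(encode_key_usage(parse_config_line(POST_LINE)).hex())
    print(missing_usages(POST_LINE, MS_KEY_USAGE))
```

The one bit set in f0 but absent from the posted line is dataEncipherment, which is the keyword the keyUsage line would take for "cypher of data". The post does not establish that this bit is why the selection window stays empty.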





                                          
