I generated a cert for your privatekey using a fake CA I have for my testing (which I already set up in my systems).
If you want to set up your own, it's simple in principle, but there are quite a few options and details. At a minimum: - create a CA key and a selfsigned (root) cert for that key: openssl req -newkey rsa:2048 -x509 -days N -keyout cakey.pem -out cacert.pem # substitute other type and/or size/params of key if desired # specify -config file if not default # answer prompts for name (DN), or change config file, or use -subj # if desired set extensions in config file, or -extensions (section) on commandline - distribute cacert.pem and install where needed - if using 'ca' below, create empty index.txt file - both ways create serial file with reasonable value e.g. 01 For each desired EE key&cert, in this case your single one: - create a req (CSR) for that key, with suitable name (DN) openssl req -new -key foo.key -out foo.csr # specify -config if not default and DN as above # can put extensions in CSR but usually better in cert below and then issue a cert EITHER: openssl ca [-config xx] -in foo.csr -out foo.crt # -days in config file or commandline # extensions in config file or referenced by command line if desired OR: openssl x509 -req -days N -CA cacert.pem -CAkey cakey.pem -in foo.csr -out foo.crt # extensions referenced by commandline (only) Use foo.crt in good health. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Andrew Arnott Sent: Saturday, March 22, 2014 14:56 To: openssl-users@openssl.org Subject: *** Spam *** Re: When P is larger than Q Thanks Dave. Where do you get the cert file to use as input? <snip> From: Dave Thompson <mailto:dthomp...@prinpay.com> Sent: Friday, March 21, 2014 3:37 PM To: openssl-users@openssl.org <snip> I don't think this violates any standard and it works fine on my Windows (which is 7). I took your privatekey, which is indeed PKCS#1, generated a (fake) cert, put them in a PKCS12, which Windows [7] imported okay and IE(9) was then able to use to authenticate to my test server (which trusts the fake cert). Where are you seeing the "Bad Data"? <snip>
