RE: Newsreader (was: Question about exporting user certificate files to .pfx)

2012-11-20 Thread John A. Wallace
sl.org > Cc: st...@openssl.org > Subject: Newsreader (was: Question about exporting user certificate > files to .pfx) > > On Tue, Nov 20, 2012 at 11:56 AM, wrote: > > it would be swell if I could get my email address removed from the > > list without removing my subscrip

Newsreader (was: Question about exporting user certificate files to .pfx)

2012-11-20 Thread Jeffrey Walton
On Tue, Nov 20, 2012 at 11:56 AM, wrote: > it would be swell if I could get my email address removed from the list > without removing my subscription too. This way I could just use my > newsreader to get the messages without having my email box cluttered every > day with this high-volume list.

Re: [openssl-users] Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Dr. Stephen Henson
On Mon, Nov 19, 2012, Erwann Abalea wrote: > You should get better CA scripts, or build your own set after > reading your openssl.cnf file and other associated documentation. > > man req > man x509 > man ca > man x509v3_config > > When I need a junk CA, I personaly use "openssl req" to create th

Re: [openssl-users] Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Erwann Abalea
Answers inline. -- Erwann ABALEA - Un forum peut répondre à plusieurs besoins à la fois Ici, le groupe des débutants dépasse en nombre le groupe des utilisateur "middle-class" ce qui provoque inévitablement des tensions. -+- EF - Guide du Neuneu d'Usenet - La lutte des middle classes -+- Le

Re: [openssl-users] Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Deeztek.com Support
Maybe I got something wrong creating the intermediate CA which is supposed to be the 2nd certificate. This is what I did to create the intermediate CA. Maybe I missed something? Generated Intermediate CA key: openssl genrsa -out ia.key 4096 Generated Intermediate CA Certificate Request: open

Re: [openssl-users] Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Erwann Abalea
Thanks. The first certificate is your root CA, the second one is a version 1 certificate that can't be used as a CA (it would be insecure to allow it). If your end-user certificate is issued by this second certificate, then the error message is normal. -- Erwann ABALEA - anatomie: ablatio

Re: [openssl-users] Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Deeztek.com Support
I'm assuming this is what you want. This is the contents of my chain file: -BEGIN CERTIFICATE- MIIFlDCCA3ygAwIBAgIJAJsm0MjspJZLMA0GCSqGSIb3DQEBBQUAMDoxGDAWBgNV BAMTD2NhMy5kZWV6dGVrLmNvbTEeMBwGCSqGSIb3DQEJARYPY2EzQGRlZXp0ZWsu Y29tMB4XDTEyMTExNzIzMDA1MVoXDTE3MTExNzIzMDA1MVowOjEYMBYGA1UEAxMP

Re: [openssl-users] Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Erwann Abalea
Can you post here the certificate chain? Not the private key, only the certificates, from the root down to the end-entity. -- Erwann ABALEA - Ca se fait pas du tout d'avoir donné toutes les adresses email des votants C bon pour les spammers ça ! [suit la liste intégrale des votants mal quoté

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Jeffrey Walton
On Mon, Nov 19, 2012 at 10:53 AM, Deeztek.com Support wrote: > I fixed the command and it created the end user .pfx file. It imported > successfully into windows but I get this message when I looked at the > certification chain for the intermediate ca: > > This certification authority is not allow

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Deeztek.com Support
I fixed the command and it created the end user .pfx file. It imported successfully into windows but I get this message when I looked at the certification chain for the intermediate ca: This certification authority is not allowed to issue certificates or cannot be used as an end-entity certifi

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Dr. Stephen Henson
On Mon, Nov 19, 2012, Deeztek.com Support wrote: > Nevermind the last message, you said *concatenate* the CA > certificate together. So, this is what i did: > > Root cert: > cat ca.crt > cachain.pem > > Int-ca cert: > > cat int-ca.crt >> cachain.pem > > Ran the following but it didn't work: >

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Deeztek.com Support
I meant, I run the command, I get no error, no pfx file is created and I simply get the openssl help command: Usage: pkcs12 [options] where options are -export output PKCS12 file -chainadd certificate chain -inkey file private key if not infile What do you mean "didn't work"?

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Dr. Stephen Henson
On Mon, Nov 19, 2012, Deeztek.com Support wrote: > Nevermind the last message, you said *concatenate* the CA > certificate together. So, this is what i did: > > Root cert: > cat ca.crt > cachain.pem > > Int-ca cert: > > cat int-ca.crt >> cachain.pem > > Ran the following but it didn't work: >

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Deeztek.com Support
Nevermind the last message, you said *concatenate* the CA certificate together. So, this is what i did: Root cert: cat ca.crt > cachain.pem Int-ca cert: cat int-ca.crt >> cachain.pem Ran the following but it didn't work: openssl pkcs12 -export -out someone.pfx -inkey someone.key -in someone

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Dr. Stephen Henson
On Mon, Nov 19, 2012, Deeztek.com Support wrote: > Sorry, I'm not sure what you mean by concentrate the CA certificate > together. > Join the root and intermediate CAs together in one file e.g. like this under Linux: cat intermediateca.pem root.pem >cacerts.pem Then pass "-certfile cacerts.pem

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Deeztek.com Support
Sorry, I'm not sure what you mean by concentrate the CA certificate together. On 11/19/2012 10:02 AM, Dr. Stephen Henson wrote: On Mon, Nov 19, 2012, Deeztek.com Support wrote: I have created a CA and an intermediate CA. I use the intermediate CA to create self-signed s/mime certificates for

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Dr. Stephen Henson
On Mon, Nov 19, 2012, Deeztek.com Support wrote: > > I have created a CA and an intermediate CA. I use the intermediate > CA to create self-signed s/mime certificates for end users which > works fine. I need to be able to create .pfx files form those end > user certificates and include the CA cha

Question about exporting user certificate files to .pfx

2012-11-19 Thread Deeztek.com Support
I have created a CA and an intermediate CA. I use the intermediate CA to create self-signed s/mime certificates for end users which works fine. I need to be able to create .pfx files form those end user certificates and include the CA chain into the pfx file. Currently the command I use to ex