Nancho,
For every certificate I generate from script a custom .cnf file.
The relevant parts of the configuration file are:
[ req ]
prompt = no
distinguished_name = req_distinguished_name
output_password =
[ req_distinguished_name ]
C
Could you, Please, send me the openssl.cnf (or relevant part of it) you
used to sign the certificate.
The sign script I use creates one .cnf on the fly so check it out.
The proccess I follow is this:
I generate the key:
openssl genrsa -des3 -out clienteNets-dsa.key 1024
Then I generate the c
Nacho,
These extensions do work with IIS (the certificate is generated using
openssl 0.9.6).
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Telfort SITB authentication
Netscape Cert Type:
extensions in your certificate.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 21, 2001 1:10 PM
Subject: Re: how t
No! my bowser shows me the 2 certificates, the working one and the non working
one.
He sends the a list of CA's whith the 2 signing CA's.
And I've tried to generate a client certificate with safelayer and it works too!
the safelayer cert and the NT one share this extensions:
X509v
In client auth, the server sends a list of acceptable certificate
authorities to the client. Evidently, your IIS4 configuration is only
sending the one that corresponds to the certificate server on your NT box.
Your browser is dutifully only displaying certificates that have been signed
by one of
