| 1 |
Buffalo Dickens wrote: |
| 2 |
> Many thanks Rumen! Actually I came across many error notifications |
| 3 |
> during self certificate generation under Windows 2003 with openssl. As |
| 4 |
> this is the gentoo maillist, I will not and should not paste the |
| 5 |
> detailed error messages here:) |
| 6 |
> |
| 7 |
> So I just want to bypass this step under Win, letting linux take this |
| 8 |
> task over. I do not know whether there will be some underlying |
| 9 |
> conflict in doing this. |
| 10 |
> |
| 11 |
> Also, I will study what you provide me carefully. Thanks a lot! |
| 12 |
> |
| 13 |
> -- |
| 14 |
> You will when you BELIEVE. |
| 15 |
> Buffalo Dickens |
| 16 |
> |
| 17 |
> |
| 18 |
> |
| 19 |
> 2007/3/29, Rumen Yotov <rumen@××××××.org <mailto:rumen@××××××.org>>: |
| 20 |
> |
| 21 |
> On Thu, 29 Mar 2007 15:44:20 +0800 |
| 22 |
> "Buffalo Dickens" < zwmaillist@×××××.com |
| 23 |
> <mailto:zwmaillist@×××××.com>> wrote: |
| 24 |
> |
| 25 |
> > Hi all! I am not familiar with openssl at all. Here I got a problem. |
| 26 |
> > My Windows 2003 can not (or I can not) accomplish the task of |
| 27 |
> > generating a private key file and a csr file. That holds up my |
| 28 |
> > process of going on with authentication between it and other host |
| 29 |
> > servers. |
| 30 |
> > |
| 31 |
> > I wonder if gentoo linux is able to help finish this step for Win? I |
| 32 |
> > mean, using openssl under gentoo to generate a whole set of private |
| 33 |
> > key and certificate and transferring them to Win host for its use. I |
| 34 |
> > do not know whether that is feasible. Any suggestion will be |
| 35 |
> > appreciated! Thank you! |
| 36 |
> > |
| 37 |
> Hi, |
| 38 |
> |
| 39 |
> IMO any linux can do this, you only need openssl (which is BTW also |
| 40 |
> available for Windows, IIRC). |
| 41 |
> Google for the concrete commands (generate a self-signed certificate). |
| 42 |
> Or better try "openca.org <http://openca.org>" to do the work for |
| 43 |
> you ;) |
| 44 |
> HTH. Rumen |
| 45 |
> -- |
| 46 |
> gentoo-user@g.o <mailto:gentoo-user@g.o> mailing list |
| 47 |
> |
| 48 |
> |
| 49 |
> |
| 50 |
|
| 51 |
Assuming you want to enable SSL on your Windows Web Server (IIS) you |
| 52 |
might try this: |
| 53 |
|
| 54 |
1) Generate Cert. Authority on the Gentoo Box: |
| 55 |
|
| 56 |
openssl genrsa -des3 -out CA.key 1024 |
| 57 |
|
| 58 |
(import CA.crt in all the clients in order to make them recognize the CA |
| 59 |
and accept the certificates signed by it) |
| 60 |
|
| 61 |
2) Create Cert. Request (Windows Box): |
| 62 |
- Open the Internet Manager |
| 63 |
- Select the site you want to create a key for |
| 64 |
- Right-click >> Properties |
| 65 |
- Select "Directory Security" |
| 66 |
- Go to "Server Certificate" |
| 67 |
- Follow the steps and create a New CSR |
| 68 |
- Save your CSR as "new.csr" |
| 69 |
- Transfer it to the Gentoo box |
| 70 |
|
| 71 |
3) Sign the CSR on the Gentoo box: |
| 72 |
|
| 73 |
openssl x509 -req -days 365 -in new.csr -CA CA.crt -CAkey CA.key |
| 74 |
-CAcreateserial -out new.crt |
| 75 |
|
| 76 |
4) Transfer the signed cert. back to the Windows Box and install it: |
| 77 |
|
| 78 |
- Open the Internet Manager |
| 79 |
- Select the site you requested a certif. for |
| 80 |
- Right-click >> properties |
| 81 |
- Go to "Directory Security" tab |
| 82 |
- Choose "Server Certificate" |
| 83 |
- Choose that you want to complete the pending request |
| 84 |
- Select the .crt file that you transferred from the Gentoo box |
| 85 |
|
| 86 |
|
| 87 |
HTH |
| 88 |
|
| 89 |
-- |
| 90 |
Best regards, |
| 91 |
Daniel |
| 92 |
|
| 93 |
|
| 94 |
-- |
| 95 |
gentoo-user@g.o mailing list |
Archives