Buffalo Dickens wrote:
> Many thanks Rumen! Actually I came across many error notifications
> during self certificate generation under Windows 2003 with openssl. As
> this is the gentoo maillist, I will not and should not paste the
> detailed error messages here:)
>
> So I just want to bypass this step under Win, letting linux take this
> task over. I do not know whether there will be some underlying
> conflict in doing this.
>
> Also, I will study what you provide me carefully. Thanks a lot!
>
> --
> You will when you BELIEVE.
> Buffalo Dickens
>
> 2007/3/29, Rumen Yotov <rumen@××××××.org>:
>
> On Thu, 29 Mar 2007 15:44:20 +0800
> "Buffalo Dickens" <zwmaillist@×××××.com> wrote:
>
> > Hi all! I am not familiar with openssl at all. Here I got a problem.
> > My Windows 2003 can not (or I can not) accomplish the task of
> > generating a private key file and a csr file. That holds up my
> > process of going on with authentication between it and other host
> > servers.
> >
> > I wonder if gentoo linux is able to help finish this step for Win? I
> > mean, using openssl under gentoo to generate a whole set of private
> > key and certificate and transferring them to Win host for its use. I
> > do not know whether that is feasible. Any suggestion will be
> > appreciated! Thank you!
> >
> Hi,
>
> IMO any linux can do this, you only need openssl (which is BTW also
> available for Windows, IIRC).
> Google for the concrete commands (generate a self-signed certificate).
> Or better try "openca.org <http://openca.org>" to do the work for
> you ;)
> HTH. Rumen
> --
> gentoo-user@g.o mailing list
>

Assuming you want to enable SSL on your Windows Web Server (IIS) you
might try this:

1) Generate Cert. Authority on the Gentoo Box:

    openssl genrsa -des3 -out CA.key 1024

(import CA.crt in all the clients in order to make them recognize the CA
and accept the certificates signed by it)

2) Create Cert. Request (Windows Box):
- Open the Internet Manager
- Select the site you want to create a key for
- Right-click >> Properties
- Select "Directory Security"
- Go to "Server Certificate"
- Follow the steps and create a New CSR
- Save your CSR as "new.csr"
- Transfer it to the Gentoo box

3) Sign the CSR on the Gentoo box:

    openssl x509 -req -days 365 -in new.csr -CA CA.crt -CAkey CA.key \
        -CAcreateserial -out new.crt

4) Transfer the signed cert. back to the Windows Box and install it:

- Open the Internet Manager
- Select the site you requested a certif. for
- Right-click >> Properties
- Go to "Directory Security" tab
- Choose "Server Certificate"
- Choose that you want to complete the pending request
- Select the .crt file that you transferred from the Gentoo box


HTH

--
Best regards,
Daniel

--
gentoo-user@g.o mailing list
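
The Gentoo-side half of the procedure in the message above (steps 1 and 3), as an added example that is not part of Daniel's message: it also creates the self-signed CA.crt that step 3 and the clients rely on, and checks the signed certificate before it is sent back to IIS. Assumptions: 2048-bit RSA, SHA-256 and AES-256 key encryption instead of the message's 1024-bit and -des3 settings; the subjects, the host name www.example.test, the files demo.cnf and server.ext, and the CA_PASS variable are constructed, and a locally generated CSR stands in for the one IIS produces.

```shell
#!/bin/sh
# Added example: the CA-side commands from steps 1 and 3, non-interactive.
# Constructed for the demo: subjects, host name, demo.cnf, server.ext, CA_PASS.
set -eu

write_cnf() {   # minimal config so the CA certificate is marked CA:TRUE
    cat > demo.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Lab CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
}

make_ca() {   # step 1: encrypted CA key plus the self-signed CA.crt clients import
    write_cnf
    openssl genrsa -aes256 -passout env:CA_PASS -out CA.key 2048 2>/dev/null
    openssl req -new -x509 -config demo.cnf -sha256 -days 3650 \
        -key CA.key -passin env:CA_PASS -out CA.crt
}

make_test_csr() {   # stand-in for the new.csr that IIS writes in step 2
    openssl req -new -newkey rsa:2048 -nodes -keyout iis.key -config demo.cnf \
        -subj "/CN=www.example.test" -out new.csr 2>/dev/null
}

sign_csr() {   # step 3, refusing a CSR whose self-signature does not verify
    openssl req -in new.csr -noout -verify 2>&1 | grep -q "verify OK" || return 1
    printf '%s\n' 'basicConstraints=CA:FALSE' 'extendedKeyUsage=serverAuth' \
        'subjectAltName=DNS:www.example.test' > server.ext
    openssl x509 -req -sha256 -days 365 -in new.csr -CA CA.crt -CAkey CA.key \
        -passin env:CA_PASS -CAcreateserial -extfile server.ext -out new.crt 2>/dev/null
}

check_cert() {   # before step 4: chain validates and the key matches the request
    openssl verify -CAfile CA.crt new.crt >/dev/null 2>&1 || return 1
    [ "$(openssl x509 -in new.crt -noout -pubkey)" = "$(openssl req -in new.csr -noout -pubkey)" ]
}

# Demo run: CA_PASS='constructed-demo-pass' sh ca-demo.sh demo
if [ "${1:-}" = "demo" ]; then
    cd "$(mktemp -d)"; make_ca; make_test_csr; sign_csr; check_cert
    echo "new.crt verified in $PWD"
fi
```

Only new.crt and CA.crt need to leave the Gentoo box; CA.key stays there.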