1 |
Daniel, such a detailed explanation! I am grateful for all of this! |
2 |
|
3 |
Yours, |
4 |
Buffalo |
5 |
|
6 |
|
7 |
|
8 |
2007/3/29, Daniel Iliev <danny@××××××××.com>: |
9 |
> |
10 |
> Buffalo Dickens wrote: |
11 |
> > Many thanks Rumen! Actually I came across many error notifications |
12 |
> > during self certificate generation under Windows 2003 with openssl. As |
13 |
> > this is the gentoo maillist, I will not and should not paste the |
14 |
> > detailed error messages here:) |
15 |
> > |
16 |
> > So I just want to bypass this step under Win, letting linux take this |
17 |
> > task over. I do not know whether there will be some underlying |
18 |
> > conflict in doing this. |
19 |
> > |
20 |
> > Also, I will study what you provide me carefully. Thanks a lot! |
21 |
> > |
22 |
> > -- |
23 |
> > You will when you BELIEVE. |
24 |
> > Buffalo Dickens |
25 |
> > |
26 |
> > |
27 |
> > |
28 |
> > 2007/3/29, Rumen Yotov <rumen@××××××.org <mailto:rumen@××××××.org>>: |
29 |
> > |
30 |
> > On Thu, 29 Mar 2007 15:44:20 +0800 |
31 |
> > "Buffalo Dickens" < zwmaillist@×××××.com |
32 |
> > <mailto:zwmaillist@×××××.com>> wrote: |
33 |
> > |
34 |
> > > Hi all! I am not familiar with openssl at all. Here I got a |
35 |
> problem. |
36 |
> > > My Windows 2003 can not (or I can not) accomplish the task of |
37 |
> > > generating a private key file and a csr file. That holds up my |
38 |
> > > process of going on with authentication between it and other host |
39 |
> > > servers. |
40 |
> > > |
41 |
> > > I wonder if gentoo linux is able to help finish this step for Win? |
42 |
> I |
43 |
> > > mean, using openssl under gentoo to generate a whole set of |
44 |
> private |
45 |
> > > key and certificate and transferring them to Win host for its use. |
46 |
> I |
47 |
> > > do not know whether that is feasible. Any suggestion will be |
48 |
> > > appreciated! Thank you! |
49 |
> > > |
50 |
> > Hi, |
51 |
> > |
52 |
> > IMO any linux can do this, you only need openssl (which is BTW also |
53 |
> > available for Windows, IIRC). |
54 |
> > Google for the concrete commands (generate a self-signed |
55 |
> certificate). |
56 |
> > Or better try "openca.org <http://openca.org>" to do the work for |
57 |
> > you ;) |
58 |
> > HTH. Rumen |
59 |
> > -- |
60 |
> > gentoo-user@g.o <mailto:gentoo-user@g.o> mailing list |
61 |
> > |
62 |
> > |
63 |
> > |
64 |
> |
65 |
> Assuming you want to enable SSL on your Windows Web Server (IIS) you |
66 |
> might try this: |
67 |
> |
68 |
> 1) Generate Cert. Authority on the Gentoo Box: |
69 |
> |
70 |
> openssl genrsa -des3 -out CA.key 1024 |
71 |
> |
72 |
> (import CA.crt in all the clients in order to make them recognize the CA |
73 |
> and accept the certificates signed by it) |
74 |
> |
75 |
> 2) Create Cert. Request (Windows Box): |
76 |
> - Open the Internet Manager |
77 |
> - Select the site you want to create a key for |
78 |
> - Right-click >> Properties |
79 |
> - Select "Directory Security" |
80 |
> - Go to "Server Certificate" |
81 |
> - Follow the steps and create a New CSR |
82 |
> - Save your CSR as "new.csr" |
83 |
> - Transfer it to the Gentoo box |
84 |
> |
85 |
> 3) Sign the CSR on the Gentoo box: |
86 |
> |
87 |
> openssl x509 -req -days 365 -in new.csr -CA CA.crt -CAkey CA.key |
88 |
> -CAcreateserial -out new.crt |
89 |
> |
90 |
> 4) Transfer the signed cert. back to the Windows Box and install it: |
91 |
> |
92 |
> - Open the Internet Manager |
93 |
> - Select the site you requested a certif. for |
94 |
> - Right-click >> properties |
95 |
> - Go to "Directory Security" tab |
96 |
> - Choose "Server Certificate" |
97 |
> - Choose that you want to complete the pending request |
98 |
> - Select the .crt file that you transferred from the Gentoo box |
99 |
> |
100 |
> |
101 |
> HTH |
102 |
> |
103 |
> -- |
104 |
> Best regards, |
105 |
> Daniel |
106 |
> |
107 |
> |
108 |
> -- |
109 |
> gentoo-user@g.o mailing list |
110 |
> |
111 |
> |
112 |
|
113 |
|
114 |
-- |
115 |
You will when you BELIEVE. |
116 |
Buffalo Dickens |