Openssl on Windows 2008 R2
I am having a problem with the PKCS12 format.
So here is some background on what I am doing. I am working on a Windows 2008R2 server and attempting to set up a self-signed certificate for clients to use when authenticating to an application via a remote client. The application vendor has provided me with some instructions on how to do this. So far most of the instructions worked, but not particularly well.
I have created the directory/subdirectory structures, the index file and serial file.
mkdir caserver
cd caserver
mkdir certs
mkdir certs\private
mkdir certs\newcerts
echo 2 > certs\index.txt
echo 21 > certs\serial
Modified the openssl.cfg file appropriately. Then generated the cakey.pem and the cacert.pem.
openssl.exe req -new -x509 -days 365 -keyout certs\private\cakey.pem -out certs\cacert.pem
From there I have created the server_csr.pem and server_key.pem.
openssl.exe req -days 365 -out server_csr.pem -new -newkey rsa:2048 -keyout server_key.pem
After that I have used the server_csr.pem to create the server_cert.pem
openssl.exe ca -in server_csr.pem -out server_cert.pem
Ok at this point I run this:
openssl.exe pkcs12 -export -in server_cert.pem -inkey server_key.pem > server.p12
This creates the server.p12 file. At this point I am supposed to create the certificate and key in the proper format with these commands
openssl.exe pkcs12 -in server.p12 -out server-cert.pem -nokeys
and
openssl.exe pkcs12 -in server.p12 -out server-key.pem -nocerts -nodes
These final two commands are what I cannot get working. They give me the following errors:
:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:w
:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:
Any help that you can render me would be appreciated. Also unfortunately I cannot upload anything though I can an will answer questions to the best of my ability.
Respectfully,
Dan
So here is some background on what I am doing. I am working on a Windows 2008R2 server and attempting to set up a self-signed certificate for clients to use when authenticating to an application via a remote client. The application vendor has provided me with some instructions on how to do this. So far most of the instructions worked, but not particularly well.
I have created the directory/subdirectory structures, the index file and serial file.
mkdir caserver
cd caserver
mkdir certs
mkdir certs\private
mkdir certs\newcerts
echo 2 > certs\index.txt
echo 21 > certs\serial
Modified the openssl.cfg file appropriately. Then generated the cakey.pem and the cacert.pem.
openssl.exe req -new -x509 -days 365 -keyout certs\private\cakey.pem -out certs\cacert.pem
From there I have created the server_csr.pem and server_key.pem.
openssl.exe req -days 365 -out server_csr.pem -new -newkey rsa:2048 -keyout server_key.pem
After that I have used the server_csr.pem to create the server_cert.pem
openssl.exe ca -in server_csr.pem -out server_cert.pem
Ok at this point I run this:
openssl.exe pkcs12 -export -in server_cert.pem -inkey server_key.pem > server.p12
This creates the server.p12 file. At this point I am supposed to create the certificate and key in the proper format with these commands
openssl.exe pkcs12 -in server.p12 -out server-cert.pem -nokeys
and
openssl.exe pkcs12 -in server.p12 -out server-key.pem -nocerts -nodes
These final two commands are what I cannot get working. They give me the following errors:
:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:w
:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:
Any help that you can render me would be appreciated. Also unfortunately I cannot upload anything though I can an will answer questions to the best of my ability.
Respectfully,
Dan
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER