Petr : jj, přidal jsem si Root certifikát jako novou naimportovanou autoritu.
Ondřej : Zkoušel jsem to tam přidat pomocí přepínače, ale chyba zůstala pořád stejná
pořadí kommandu :
1.) Vygenerovat request
C:\data\sslcert>openssl ca -in request.pem -out cert.pem -subj "/emailAddress=petr.kostroun@xxx.cz/CN=Petr Kostroun/OU=EMPLOYEE/O=xxx/ST=Czech Republic/C=CZ" -conf ./openssl.cnf
Vystup :
Using configuration from ./openssl.cnf
Loading 'screen' into random state - done
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :PRINTABLE:'Petr Kostroun'
organizationalUnitName:PRINTABLE:'EMPLOYEE'
organizationName :PRINTABLE:'xxx'
stateOrProvinceName :PRINTABLE:'Czech Republic'
countryName :PRINTABLE:'CZ'
2.) Podepsat certifikát pomocí mé Cert auth :
openssl ca -in request.pem -out cert.pem -subj "/emailAddress=petr.kostroun@xxx.cz/CN=Petr Kostroun/OU=EMPLOYEE/O=xxx/ST=Czech Republic/C=CZ" -config ./openssl.cnf
Vystup
Using configuration from ./openssl.cnf
Loading 'screen' into random state - done
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :PRINTABLE:'Petr Kostroun'
organizationalUnitName:PRINTABLE:'EMPLOYEE'
organizationName :PRINTABLE:'xxx'
stateOrProvinceName :PRINTABLE:'Czech Republic'
countryName :PRINTABLE:'CZ'
Certificate is to be certified until Jun 27 12:08:42 2021 GMT (3600 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
3.) překonvertovat certifikát do pks12
C:\data\sslcert>openssl pkcs12 -export -in cert.pem -inkey key.pem -certfile ./demoCA/cacert.pem -name "Petr Kostroun" -out name-cert.p12 -config ./openssl.cnf
Chyba viz. : (
https://picasaweb.google.com/100460485628434863657/Printscreens)