Problem with certificate - StrongHold CA (25 Views)
Reply
Advisor
Diadina Cotte
Posts: 31
Registered: ‎05-29-2002
Message 1 of 2 (25 Views)

Problem with certificate - StrongHold CA

Hi
After generating a key, the certificate request and signing the request as Private CA and having the new certificate created... also after rebooting the system, the StrongHold server keeps saying the certificate is expired.

Also how to I change the PEM cerficate format to DER (netscape) format??

thanks :-(
Coffee please ;-)
Please use plain text.
Advisor
Knut Eckstein
Posts: 20
Registered: ‎02-17-2002
Message 2 of 2 (25 Views)

Re: Problem with certificate - StrongHold CA

Diadina,

the x509 command, which is part of the openssl suite, should help you with both of your problems:

You can use the x509 command to view the certificate that you just created. Take a good look at the timestamps regarding validity. What happened to me once, was that I generated the cert on a machine whose clock was 1 hour ahead, so the begin of the validity period of the cert was still in the future, when I tried to load it on a machine with a correct clock. Another reason might be that Stronghold does not know your root CA key, did you import the public key of "Private CA" as a "signer's key" into Stronghold? If he does not know the public key of your CA, he cannot validate your signature.

Regarding your second question, x509 can also convert between PEM and DER,
see man x509.

x509 -inform PEM -in mycert.pem -outform DER -out mycert.der should do the trick.

Best regards,

Knut
Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation