[openssl-users] Certificates generated using 3k/4k CSR generated with OpenSSL fails on Windows 2008R2
bhat.jayalakshmi at gmail.com
Wed Aug 10 07:09:05 UTC 2016
I am generating 1k/2k/3k/4k CSR's on our device using OpenSSL library. I am
generating these CSR on our device. We have windows 2008 R2 servers and I
am signing these CSR using certificate authority on windows server. I am
setting only client and server authentication bits in the CSR since these
are simple end entity certificates. Once certificates are generated , I am
able to install the certificates on our device.
These certificates are working well with 802.1x (EAP-TLS) setup on the same
windows 2008 R2 server. However when I was trying to test IPsec with
certificate based authentication, authentication is failing.Enabling the
IPsec event viewer shows error in accepting the certificate and generates a
?invalid signature? message which looks to be generic. Failures are seen
only with 3k and 4k certificates.
Later I refered to a link http://blog.gentilkiwi.com/tag/bag-attributes
-LMK -CSP "xxx" -name options, certificate worked well. I wanted to know
is any one having similar experience with 3k and 4k ID certificates that
does not have these fields on windows system.
Any help is appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users