Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
Security
cancel
Showing results for 
Search instead for 
Did you mean: 

Problem with certificate - StrongHold CA

Problem with certificate - StrongHold CA

Hi
After generating a key, the certificate request and signing the request as Private CA and having the new certificate created... also after rebooting the system, the StrongHold server keeps saying the certificate is expired.

Also how to I change the PEM cerficate format to DER (netscape) format??

thanks :-(
Coffee please ;-)
1 REPLY
Highlighted

Re: Problem with certificate - StrongHold CA

Diadina,

the x509 command, which is part of the openssl suite, should help you with both of your problems:

You can use the x509 command to view the certificate that you just created. Take a good look at the timestamps regarding validity. What happened to me once, was that I generated the cert on a machine whose clock was 1 hour ahead, so the begin of the validity period of the cert was still in the future, when I tried to load it on a machine with a correct clock. Another reason might be that Stronghold does not know your root CA key, did you import the public key of "Private CA" as a "signer's key" into Stronghold? If he does not know the public key of your CA, he cannot validate your signature.

Regarding your second question, x509 can also convert between PEM and DER,
see man x509.

x509 -inform PEM -in mycert.pem -outform DER -out mycert.der should do the trick.

Best regards,

Knut