0

I have been having a headache for a long time trying to get this to work. My goal is to create a self signed CA that I can use to create x509 certs so I can install them in two apple ios devices so the two devices can share digitally signed and encrypted emails below is the commands that I have been trying. I'm new to openssl and I would need a bit of explaining. Any help will be most welcome.

Here is the commands that I'm using

openssl req -x509 -config openssl-ca.cnf -newkey rsa:4096 -days 4000 -sha512 -nodes -out cacert.pem -outform PEM

openssl req -config openssl-server.cnf -newkey rsa:4096 -sha512 -nodes -out servercert.csr -outform PEM

echo '01' > serial.txt

openssl ca -config openssl-ca.cnf -policy signing_policy -extensions signing_req -out servercert.pem -infiles servercert.csr

openssl pkcs12 -export -in cacert.pem -inkey cakey.pem -out CA.p12 -name "mykey"

openssl pkcs12 -export -in servercert.pem -inkey serverkey.pem -out email4.p12 -name "email"

CA and Server config file is located here http://pastebin.com/QVy9ivGg

RadarG
  • 9
  • 2
  • Do you see an error message? What is the problem you're asking a solution for? – Ivan Oct 21 '16 at 21:19
  • Did I see an error message no. I can import the CA and identity cert into the iPad however. It will not digitally sign nor encrypt the email. – RadarG Oct 22 '16 at 02:49
  • How do you import them? Why do you think e-mail should be encrypted / signed after that - what settings have you configured on iPad? – Ivan Oct 22 '16 at 07:38
  • I added the certs to the ipad and installed the profile via p12 file – RadarG Oct 22 '16 at 07:50
  • Please share the exact commands you've used or screenshots of ui – Ivan Oct 22 '16 at 07:52
  • the above commands are what i used – RadarG Oct 22 '16 at 13:56
  • You probably want to visit both of these: [How do you sign Certificate Signing Request with your Certification Authority](http://stackoverflow.com/a/21340898/608639) and [How to create a self-signed certificate with openssl?](http://stackoverflow.com/q/10175812/608639). Once you create your certs, then come back with specific errors from iOS. If you successfully (1) create the CA, (2) create the end-entity certificate, and (3) install your CA, then you may not have any problems. – jww Oct 22 '16 at 16:43
  • On the ipad its saying that the email encryption cert for XXX@XXXXX.com can not be found. Here is the commands that I'm typing [pastebin]http://pastebin.com/vs9Hy5ai The ipad is saying that the CA is verified but the Email cert isnt. – RadarG Oct 22 '16 at 21:46
  • here is a pastebin of my CA and server config [http://pastebin.com/QVy9ivGg](http://pastebin.com/QVy9ivGg) – RadarG Oct 22 '16 at 21:55
  • This question is not answered. I still have the problem – RadarG Oct 22 '16 at 22:03

0 Answers0