Certificates for MS EFS

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Certificates for MS EFS

Rodrigo A B Freire
    OpenSSL Gurus,

    I run a local CA and I wish to use the OpenSSL certificates to cipher
the EFS ops.

    To do so, I need to generate the certificates with the extended OID (listed as msEFS on objects.h)

    My certificate generation flow is:

openssl req -nodes -new -x509 \
            -keyout /etc/CA/certs/key.pem \
            -out /etc/CA/certs/cert.pem -days 365

openssl x509 -x509toreq
             -in /etc/CA/certs/cert.pem \
             -signkey /etc/CA/certs/key.pem \
             -out /etc/CA/certs/tmp.pem

openssl ca -policy policy_anything \
            -out /etc/CA/certs/cert.pem \
            -infiles /etc/CA/certs/tmp.pem

    I've tried creating a file, named ext_oids containing:

[ ext_client ]
# OID: (msEFS) Microsoft Encrypted File System

    And appended to step 2 (openssl x509):
  -extfile /etc/CA/ext_oids -extensions ext_client

    Didn't work.

    Any hint? Light?


OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]