Hi, I'm trying to head off issues with the temp 2 yr certs installed by VirtualCenter by replacing them with self-signed certificates with a longer expiration date. I've been thru the VMware PDF, and quite a few good blogs on how to do this. I've been able to generate the rui.key and rui.crt files by using
openssl.exe req -new -x509 -nodes -keyout rui.key -out rui.crt -days 3650 -config openssl0081217.cfg
However, I am unable to generate the pfx file using the following, I get a file of 0 bytes:
openssl.exe pkcs12 -export -in rui.crt -inkey rui.key -name rui -passout pass:testpassword -out rui.pfx
I've debugged this down to if I do NOT use the -name rui parm on the command, the pfx file generates without being 0 bytes, if I put -name back, it fails. I've tried several iterations, moving the -name to the end of the line, putting the value in quotes -name "rui" and even some recommendations of using -name FQDN (which just totally messes up openssl w/ some internal errors).
From what I can tell, the -name may be an optional parm as -name --> The name (or alias, or friendlyName) to associate to with this certificate and private key in the PKCS1 file. So is it really optional or does it have to be --> -name rui like in the vmware PDF
openssl pkcs12 -export -in rui.crt -inkey rui.key -name rui -passout pass:testpassword -out rui.pfx
I've also checked and am using the latest OpenSSL version 0.9.8h 28 May 08 which is I think one of the latest versions.
What am I missing or doing wrong? The VMware pdf file on the keys even shows using -name.
BTW, we tested using openssl from the ESX install and the exact same commands work fine, I think there's a bug in OpenSSL on Windows....
Thanks for any assistance as we've been hacking on this for a day now. GC Mobley