1. Create an RSA private key:
   [from http://www.openssl.org/docs/HOWTO/keys.txt]

    $ openssl genrsa -out privkey.rsa 1024
    warning, not much extra random data, consider using the -rand option
    Generating RSA private key, 1024 bit long modulus
    ....................................................++++++
    .............++++++
    e is 65537 (0x10001)
    $ ls -lrt
    -rw-r--r-- 1 build users 891 Sep 13 10:45 privkey.rsa

2. Create a self-signed "test" certificate from your private key:
   [from http://www.openssl.org/docs/HOWTO/certificates.txt]

    $ openssl req -new -x509 -key privkey.rsa -out x509.pem -days 1095
    Using configuration from /software/openssl/openssl-0.9.6h.ac4/dist/share/openssl/openssl.cnf
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:.
    Locality Name (eg, city) []:
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:naim-users.org
    Organizational Unit Name (eg, section) []:
    Common Name (eg, YOUR name) []:A naim user
    Email Address []:
    $ ls -lrt
    -rw-r--r-- 1 build users 891 Sep 13 10:45 privkey.rsa
    -rw-r--r-- 1 build users 936 Sep 13 10:45 x509.pem

3. Create a PKCS#12 package including your private key and public certificate:
   [from http://arch.cs.utwente.nl/courses/iwa/hwsw/x509.html]

    $ openssl pkcs12 -export -in x509.pem -inkey privkey.rsa -out x509.p12 -name "A naim user"
    Enter Export Password:
    Verifying password - Enter Export Password:
    $ ls -lrt
    -rw-r--r-- 1 build users 891 Sep 13 10:45 privkey.rsa
    -rw-r--r-- 1 build users 936 Sep 13 10:45 x509.pem
    -rw-r--r-- 1 build users 1669 Sep 13 11:10 x509.p12

4. Convert the certificate from PEM format to DER format:

    $ openssl x509 -in x509.pem -out x509.crt -outform DER
    $ ls -lrt
    -rw-r--r-- 1 build users 891 Sep 13 10:45 privkey.rsa
    -rw-r--r-- 1 build users 936 Sep 13 10:45 x509.pem
    -rw-r--r-- 1 build users 1669 Sep 13 11:10 x509.p12
    -rw-r--r-- 1 build users 649 Sep 13 11:11 x509.crt

5a. Install your certificate in Windows' registry:

    Browse to the directory containing the .crt key, for example U:\private
    Right click on the x509.crt file and Install it.

    To later remove this certificate:
    Open Internet Explorer.
    Open the Tools menu.
    Select Internet Options.
    Click on Content.
    Click on Certificates.
    Select the certificate and remove.

5b. Import your certificate into WinAIM:
    [from http://enterprise.aim.com/products/aim/personalcerts/index.html]

    Start up AOL's Windows AIM client.
    From the startup screen, select Setup.
    Scroll down to Security, at the bottom of the list of tabs.
    Click on Advanced.
    Click on Import.
    Type the full path to your .p12 file, for example U:\private\x509.p12
    Enter nothing for either password prompt.
    Enter nothing for the import password prompt.

    To later remove this certificate:
    Return to the Setup window.
    Scroll down to Security.
    Click on Advanced.
    Click on Reset.
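Steps 1-4 as a non-interactive script, followed by a check that the key file, the DER certificate and the PKCS#12 package all carry the same public key. This is an added example, not part of the original directions; the empty export password, the 2048-bit key (the steps above use 1024) and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Assumptions: empty export
# password, RSA-2048 instead of the page's 1024 bits, and the function names.
# Usage: build_bundle ./out && check_bundle ./out && echo consistent

pem_only() {
    # Drop the "Bag Attributes" text that pkcs12 prints around PEM blocks.
    sed -n '/^-----BEGIN/,/^-----END/p'
}

pubkey_digest() {
    # Re-encode the PEM public key on stdin and print its SHA-256;
    # prints nothing if the input is not a public key.
    pem=$(openssl pkey -pubin 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

build_bundle() {
    # Steps 1-4 without prompts; $1 is the output directory.
    dir=$1
    mkdir -p "$dir" || return 1
    openssl genrsa -out "$dir/privkey.rsa" 2048 2>/dev/null || return 1
    openssl req -new -x509 -key "$dir/privkey.rsa" -out "$dir/x509.pem" \
        -days 1095 -subj "/C=US/O=naim-users.org/CN=A naim user" || return 1
    openssl pkcs12 -export -in "$dir/x509.pem" -inkey "$dir/privkey.rsa" \
        -out "$dir/x509.p12" -name "A naim user" -passout pass: || return 1
    openssl x509 -in "$dir/x509.pem" -out "$dir/x509.crt" -outform DER
}

check_bundle() {
    # Succeeds only if the key file, the DER certificate, and both the
    # certificate and the key inside the PKCS#12 file share one public key.
    dir=$1
    k=$(openssl pkey -in "$dir/privkey.rsa" -pubout 2>/dev/null | pubkey_digest)
    c=$(openssl x509 -in "$dir/x509.crt" -inform DER -noout -pubkey \
        2>/dev/null | pubkey_digest)
    pc=$(openssl pkcs12 -in "$dir/x509.p12" -passin pass: -nokeys 2>/dev/null |
        pem_only | openssl x509 -noout -pubkey 2>/dev/null | pubkey_digest)
    pk=$(openssl pkcs12 -in "$dir/x509.p12" -passin pass: -nocerts -nodes \
        2>/dev/null | pem_only | openssl pkey -pubout 2>/dev/null | pubkey_digest)
    [ -n "$k" ] && [ "$k" = "$c" ] && [ "$k" = "$pc" ] && [ "$k" = "$pk" ]
}
```

A failing `check_bundle` means the files being installed or imported do not belong together, for example a .crt left over from an earlier key.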
This document is incomplete, and I have been unable to successfully follow these directions to create and install a certificate for WinAIM. If you are able to adapt these directions and successfully create and install a certificate, please let me know your revised procedure.
    $ openssl x509 -in x509.crt -inform DER -text
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 0 (0x0)
            Signature Algorithm: md5WithRSAEncryption
            Issuer: C=US, O=naim-users.org, CN=A naim user
            Validity
                Not Before: Sep 13 14:45:54 2003 GMT
                Not After : Sep 12 14:45:54 2006 GMT
            Subject: C=US, O=naim-users.org, CN=A naim user
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (1024 bit)
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Subject Key Identifier:
                    DD:25:A8:C0:43:F9:85:7F:C7:E1:14:F3:EA:30:53:2A:DD:B3:B7:C0
                X509v3 Authority Key Identifier:
                    keyid:DD:25:A8:C0:43:F9:85:7F:C7:E1:14:F3:EA:30:53:2A:DD:B3:B7:C0
                    DirName:/C=US/O=naim-users.org/CN=A naim user
                    serial:00
                X509v3 Basic Constraints:
                    CA:TRUE
        Signature Algorithm: md5WithRSAEncryption

    $ openssl x509 -in AIMEncrypt_com.crt -inform DER -text
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 0 (0x0)
            Signature Algorithm: md5WithRSAEncryption
            Issuer: C=US, CN=AIMEncrypt.com
            Validity
                Not Before: Jul 7 02:49:01 2003 GMT
                Not After : Apr 1 02:49:01 2006 GMT
            Subject: C=US, CN=AIMEncrypt.com
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (1024 bit)
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Subject Key Identifier:
                    5A:7F:FF:8F:30:47:18:96:A7:F9:D2:2D:42:E3:40:F9:45:47:BA:B2
                X509v3 Authority Key Identifier:
                    keyid:5A:7F:FF:8F:30:47:18:96:A7:F9:D2:2D:42:E3:40:F9:45:47:BA:B2
                    DirName:/C=US/CN=AIMEncrypt.com
                    serial:00
                X509v3 Basic Constraints:
                    CA:TRUE
        Signature Algorithm: md5WithRSAEncryption
    $ openssl pkcs12 -in x509.p12 -info -noout
    Enter Import Password:
    MAC Iteration 2048
    MAC verified OK
    PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
    Certificate bag
    PKCS7 Data
    Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048

    $ openssl pkcs12 -in AIMEncrypt_com.pfx -info -noout
    Enter Import Password:
    MAC Iteration 2000
    MAC verified OK
    PKCS7 Data
    Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
    PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2000
    Certificate bag
    Certificate bag
    $ openssl pkcs12 -in x509.p12 -out x509.p12.pem
    Enter Import Password:
    MAC verified OK
    Enter PEM pass phrase: abcd
    Verifying password - Enter PEM pass phrase: abcd
    $ cat x509.p12.pem
    Bag Attributes
        localKeyID: 3E E7 A3 59 F1 AB D5 7E 3E 70 65 83 B1 53 5B 89 81 1A DA E1
        friendlyName: A naim user
    subject=/C=US/O=naim-users.org/CN=A naim user
    issuer= /C=US/O=naim-users.org/CN=A naim user
    Bag Attributes
        localKeyID: 3E E7 A3 59 F1 AB D5 7E 3E 70 65 83 B1 53 5B 89 81 1A DA E1
        friendlyName: A naim user
    Key Attributes:

    $ openssl pkcs12 -in AIMEncrypt_com.pfx -out AIMEncrypt_com.pfx.pem
    Enter Import Password: g8dJ82kjfjq32h
    MAC verified OK
    Enter PEM pass phrase: abcd
    Verifying password - Enter PEM pass phrase: abcd
    $ cat AIMEncrypt_com.pfx.pem
    Bag Attributes
        localKeyID: 01 00 00 00
        friendlyName: {2B1C6734-41F4-4530-B257-292F4B7CED64}
        1.3.6.1.4.1.311.17.1: Microsoft Base Cryptographic Provider v1.0
    Key Attributes
        X509v3 Key Usage: 10
    Bag Attributes
        localKeyID: 01 00 00 00
        friendlyName: AIMEncrypt.com
    subject=/C=US/CN=AIMEncrypt.com
    issuer= /C=US/CN=AIMEncrypt.com
    Bag Attributes: