Thanks for response.
I have communicated with gnupg-users@. the guide me to use “gpgms” tool to create CSR.
and follow the prompts.
If it asks you “Create self-signed certificate? (y/N)”, you want to answer “N” (no) because you want the csr instead.
For example (this is not on windows, this is on a GNU/Linux machine, but it should look similar to what you see in the windows cmd.exe shell:
0 dkg@alice:~$ gpgsm --gen-key
gpgsm (GnuPG) 2.1.17; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(2) Existing key
(3) Existing key from card
Your selection? 1
What keysize do you want? (2048)
Requested keysize is 2048 bits
Possible actions for a RSA key:
(1) sign, encrypt
Your selection? 1
Enter the X.509 subject name: CN=bananas.example Enter email addresses (end with an empty line):
Enter DNS names (optional; end with an empty line):
Enter URIs (optional; end with an empty line):
Create self-signed certificate? (y/N)
These parameters are used:
Key-Usage: sign, encrypt
Proceed with creation? (y/N) y
Now creating certificate request. This may take a while …
gpgsm: about to sign the CSR for key: &C6962BE32BF3CA7C3207BCECC0FC1CD3C24CC2E7
gpgsm: certificate request created
Ready. You should now send this request to your CA.
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
Then you’d copy/paste the stuff between the “-----BEGIN CERTIFICATE REQUEST-----” and “-----END CERTIFICATE REQUEST-----” lines (including those lines as
well) into a file that you can import into your CA.
send it to CA. and got the certificate.
I have imported it with CA root and intermidate certificates via Kleopatra UI. but but when I try to use it for encryption or signing, it throw error. see attached image.
did I do wrong?
or kelopatra does not support that?
I have successfully created the CSR and send it to internal CA (Microsoft CA) team. They sent me the certificate. I have used Kleopatra UI to import the created certificate after save it in a file (attaching sample file). Using same Kleopatra UI, I have also imported root & intermediate certificates for the CA. looks like attached img(kleopatra.png):
We I tried to encrypt or sign any file, it shows this error (attached error.png)
Is there anything wrong I have done?
Or it is just because Kleopatra does not support X.509 certificate created by Microsoft CA?