On Thu, 4 Mar 1999, Wade L. Scholine wrote:
> I am trying to use s_server -Verify to learn some stuff about client
> authentication. I'm using Netscape 4.5 as a client, and I have a couple of
> free certs from Entrust and Verisign. When I try to connect to s_server I
> get an error message from NS to the effect that I don't have any certs, and
> s_server refuses the connection.
>
> The actual error message from NS is as follows:
>
> The site 'foo' has requested client authentication, but you do not
> have a
> Personal Certificate to authenticate yourself. The site may choose
> not to give
> you access without one.
>
> What does NS mean by 'Personal Certificate' in this context? I would have
> thought that the Entrust and Verisign samples would qualify.
Your server has a list of acceptable CAs, and sends this list to the
browser, which then asks the user to choose into a list of certificates
signed directly or indirectly by the server's CA certs...
What you have to do is get a user certificate for your Netscape, and put
the CA certs into your s_server configuration...
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5 -
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
