Erwann ABALEA writes:
>
> On Thu, 4 Mar 1999, Wade L. Scholine wrote:
>
> > I am trying to use s_server -Verify to learn some stuff about client
> > authentication. I'm using Netscape 4.5 as a client, and I
> have a couple of
> > free certs from Entrust and Verisign. When I try to connect
> to s_server I
> > get an error message from NS to the effect that I don't
> have any certs, and
> > s_server refuses the connection.
> >
> > The actual error message from NS is as follows:
> >
> > The site 'foo' has requested client authentication, but
> you do not
> > have a
> > Personal Certificate to authenticate yourself. The site
> may choose
> > not to give
> > you access without one.
> >
> > What does NS mean by 'Personal Certificate' in this
> context? I would have
> > thought that the Entrust and Verisign samples would qualify.
>
> Your server has a list of acceptable CAs, and sends this list to the
> browser, which then asks the user to choose into a list of
> certificates
> signed directly or indirectly by the server's CA certs...
>
> What you have to do is get a user certificate for your
> Netscape, and put
> the CA certs into your s_server configuration...
I'm afraid I don't understand. Are you saying that I need a copy of
Verisign's or Entrust's root CA cert to load into s_server in order to make
this work?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
