I am using SSLeay and now Openssl to create client certificates for use
in Navigator. I have been successful importing certs (after conversion
with pkcs12) into Navigator 4.04, and having them accepted by Apache-SSL
server when the browser is challenged. However, the same cert will not
work in any other version of Navigator (4.03, 4.05, or 4.08/Communicator
4.5), that is, it seems to import OK, and responds appropriately when
verified or viewed, but when the browser containing it is challenged by
the Apache-SSL server, the browser insists there is no certificate
installed. I have tried SSLeay 0.90 and Openssl 0.92b, have used ca-fix,
have tried commenting out nscerttype, or changing to the nscerttype
switch for client certs. What is special about version 4.04, and how can
I fix things for other versions?
Here is newcert.pem:
issuer :/C=US/ST=Maine/L=Old
[EMAIL PROTECTED]
subject:/C=US/ST=Maine/L=Old Town/O=OTFP/OU=Back Office/CN=Guy
[EMAIL PROTECTED]
serial :01
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=Maine, L=Old Town, O=OTFP, OU=Medinfo,
[EMAIL PROTECTED]
Validity
Not Before: Apr 17 01:25:50 1999 GMT
Not After : Apr 16 01:25:50 2000 GMT
Subject: C=US, ST=Maine, L=Old Town, O=OTFP, OU=Back Office,
CN=Guy [EMAIL PROTECTED]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:c2:05:67:27:d7:a8:f6:0b:33:a9:62:3e:f5:89:
da:8e:a5:0e:c6:e3:7a:44:eb:a7:c6:a9:bc:ff:b8:
a1:3b:ed:49:84:b8:aa:4b:5f:8e:87:2d:99:8f:dd:
49:8c:22:8e:a6:a0:da:97:05:34:14:41:73:56:ea:
37:ad:e2:0c:42:e6:aa:05:b6:ac:48:77:e1:f1:61:
27:17:2b:37:b7:b4:9b:01:3c:ef:04:32:7d:21:03:
2a:c6:fd:50:78:a7:9a:c2:f6:11:0e:08:f5:02:93:
a0:f9:fe:c5:03:fa:2b:79:7a:01:6e:f3:c9:37:3d:
6e:36:e6:3a:b2:b4:1b:bb:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
Netscape CA Revocation Url:
http://www.cryptsoft.com/ca-crl.pem
Netscape Comment:
This is a comment
Netscape Cert Type:
0xA0
Signature Algorithm: md5WithRSAEncryption
c0:10:78:de:32:6b:f8:95:ce:20:92:aa:e8:ca:a1:1b:c8:13:
26:35:d5:7a:76:35:73:c4:93:9d:d5:00:2b:d7:80:92:10:51:
79:19:dd:f8:ec:af:b9:1f:91:2e:2d:f0:36:25:a2:d9:7b:93:
a0:11:f8:78:69:0e:f0:42:06:0b:54:c7:e8:c1:14:63:62:2e:
c0:a5:ea:d9:c5:d0:28:a7:ca:a1:9c:da:07:05:2e:7a:e6:9b:
b2:b1:ed:0f:e1:63:c0:5e:ac:be:ce:4d:1d:f5:5e:46:68:9e:
54:b6:dd:4e:6a:0e:d5:09:b5:f7:61:93:59:4b:8c:f2:4d:75:
fc:0f
-----BEGIN CERTIFICATE-----
MIIDADCCAmmgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBjjELMAkGA1UEBhMCVVMx
DjAMBgNVBAgTBU1haW5lMREwDwYDVQQHEwhPbGQgVG93bjENMAsGA1UEChMET1RG
UDEQMA4GA1UECxMHTWVkaW5mbzEXMBUGA1UEAxMObG9naWMub3RmcC5vcmcxIjAg
BgkqhkiG9w0BCQEWE3JvdXNzZWxAbWVkLnVuYy5lZHUwHhcNOTkwNDE3MDEyNTUw
WhcNMDAwNDE2MDEyNTUwWjCBjzELMAkGA1UEBhMCVVMxDjAMBgNVBAgTBU1haW5l
MREwDwYDVQQHEwhPbGQgVG93bjENMAsGA1UEChMET1RGUDEUMBIGA1UECxMLQmFj
ayBPZmZpY2UxFDASBgNVBAMTC0d1eSBSb3Vzc2VsMSIwIAYJKoZIhvcNAQkBFhNy
b3Vzc2VsQG1lZC51bmMuZWR1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC
BWcn16j2CzOpYj71idqOpQ7G43pE66fGqbz/uKE77UmEuKpLX46HLZmP3UmMIo6m
oNqXBTQUQXNW6jet4gxC5qoFtqxId+HxYScXKze3tJsBPO8EMn0hAyrG/VB4p5rC
9hEOCPUCk6D5/sUD+it5egFu88k3PW425jqytBu7SwIDAQABo2swaTAyBglghkgB
hvhCAQQEJRYjaHR0cDovL3d3dy5jcnlwdHNvZnQuY29tL2NhLWNybC5wZW0wIAYJ
YIZIAYb4QgENBBMWEVRoaXMgaXMgYSBjb21tZW50MBEGCWCGSAGG+EIBAQQEAwIA
oDANBgkqhkiG9w0BAQQFAAOBgQDAEHjeMmv4lc4gkqroyqEbyBMmNdV6djVzxJOd
1QAr14CSEFF5Gd347K+5H5EuLfA2JaLZe5OgEfh4aQ7wQgYLVMfowRRjYi7AperZ
xdAop8qhnNoHBS565puyse0P4WPAXqy+zk0d9V5GaJ5Utt1Oag7VCbX3YZNZS4zy
TXX8Dw==
-----END CERTIFICATE-----
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
