Re: Cert Question

Thu, 28 Oct 1999 05:54:46 -0700 

Hi there,

On Thu, 28 Oct 1999, Dr Stephen Henson wrote:

> FITZPATRICK,THOM (Non-HP-Roseville,ex1) wrote:
> > 
> > 
> > VeriSign sez to use a command called "getca" with my new certificate as an
> > argument.  This assumes you're using SSLeay, which I'm not, I'm using
> > OpenSSL.
> > 
> 
> I think 'getca' is part of a commerical package. It certainly wasn't
> part of SSLeay.

<gulp> Actually 'getca' is one of the utilities used in Stronghold. I'm
guessing that you were asking for a GSID cert and Verisign assumed you
meant Stronghold rather than Apache + mod_ssl? Anyway, if it IS a GSID
cert I'm afraid I don't know how to help you with importing the cert into
such a server and you may be better asking on the mod_ssl list. Stronghold
certs are straight ahead PEM format certificate/keys as used in SSLeay -
OpenSSL (and therefore the server you're configuring) so there is hope for
you, and it also explains why Verisign probably made this assumption - but
I have no idea to what extent they support non-commercial servers
(OpenSSL-based or otherwise) and whether or not they can help you get GSID
certs operating with such a server.

This is not a plug for C2Net (who produce Stronghold and for whom I work),
I'm just trying to help you out of the confusion with Verisign rather than
leave you searching high and low for "getca". I suggest clarifying with
Verisign about the actual server you're using and/or speaking with the
mod_ssl list about GSID support. If it was NOT a GSID cert you obtained
then you should have even less grief getting it all running properly with
your server.

Good luck!

Geoff


----------------------------------------------------------------------
Geoff Thorpe                                    Email: [EMAIL PROTECTED]
Cryptographic Software Engineer, C2Net Europe    http://www.int.c2.net
----------------------------------------------------------------------
May I just take this opportunity to say that of all the people I have
EVER emailed, you are definitely one of them.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to