My understanding is that VeriSign is forbidden by law from issuing GSID
certs except for servers for which the US government has issued an export
permit. When you request a GSID cert, you must make a representation to
VeriSign that you are using one of the listed servers.
--Steve Cook
At 02:39 PM 10/28/99 +0100, Geoff Thorpe wrote:
><gulp> Actually 'getca' is one of the utilities used in Stronghold. I'm
>guessing that you were asking for a GSID cert and Verisign assumed you
>meant Stronghold rather than Apache + mod_ssl? Anyway, if it IS a GSID
>cert I'm afraid I don't know how to help you with importing the cert into
>such a server and you may be better asking on the mod_ssl list. Stronghold
>certs are straight ahead PEM format certificate/keys as used in SSLeay -
>OpenSSL (and therefore the server you're configuring) so there is hope for
>you, and it also explains why Verisign probably made this assumption - but
>I have no idea to what extent they support non-commercial servers
>(OpenSSL-based or otherwise) and whether or not they can help you get GSID
>certs operating with such a server.
>
>This is not a plug for C2Net (who produce Stronghold and for whom I work),
>I'm just trying to help you out of the confusion with Verisign rather than
>leave you searching high and low for "getca". I suggest clarifying with
>Verisign about the actual server you're using and/or speaking with the
>mod_ssl list about GSID support. If it was NOT a GSID cert you obtained
>then you should have even less grief getting it all running properly with
>your server.
>
>Good luck!
>
>Geoff
>
>>On Thu, 28 Oct 1999, Dr Stephen Henson wrote:
>> I think 'getca' is part of a commerical package. It certainly wasn't
>> part of SSLeay.
>>
>> On Wed 27 Oct 1999, "Thom Fitzpatrick" <[EMAIL PROTECTED]> wrote:
>>
>>> VeriSign sez to use a command called "getca" with my new certificate as an
>>> argument. This assumes you're using SSLeay, which I'm not, I'm using
>>> OpenSSL.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
