James J. Lippard wrote:
>
> On Sun, 12 Mar 2000 00:27:58 -0500 in Gary Harris <[EMAIL PROTECTED]> wrote:
> > There is a file "serial" in the ssl directory. It increments from whatever
> > number is stored in that file.
>
> My openssl.cnf specifies a serial file, but that file is ignored when I
> create a CA certificate using:
>
> openssl genrsa -des3 -out ca.key 1024
> openssl req -new -x509 -days 1825 -key ca.key -out ca.crt
>
> I'm also not sure that's what MSIE is barfing on--I see that there's at
> least one CA cert in Netscape that has a serial of 0 (ABA.ECOM Root CA).
>
Does the CA and any other certificate have the same issuer name and
serial number? If so thats certain to confuse browsers because this is
illegal.
Does the problem arise when you just install the CA certificate?
If so then I suggest you include the certificate itself.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
