[EMAIL PROTECTED] wrote:
>
> Hello and thanks for reading this:
>
> I use OpenSSL 0.9.5a, Red Hat Linux 6.2, Intel platform.
>
> I'm trying to produce PKCS#12 files to be able to keep the all generation
> process under my control and to distribute only one file (BTW: why is it
> taken for such a security bug?). I do it the following way:
>
The reason this is frowned upon is that the certificate authority then
has a copy of the users private key and can read any encrypted mail or
forge their signature.
Other techniques like KEYGEN generate the private key on the browser and
never reveal it to the CA.
>
> BUT: whenever I import this PKCS#12 file to Netscape Communicator 4.73
> (what works smoothly) and try to send a signed e-mail, it says that I don't
> have an e-mail certificate.
>
Check security->messenger and select the certificate (assuming it is
listed there) its security->applications->messenger under PSM. Even if
you have only one certificate and it looks like its selected click on
the listbox and select it anyway.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
