Hi,
I used the following command to generate the client
cert in PKCS12 format. And the browsers (IE55, Nav
4.08)accepted it and the server seem to authenticate
the client.
Is it possible that with PKCS12 the private key gets
embedded into the file and that is how the browsers
get it?
Command:
pkcs12 -export -in newcert.pem -inkey newreq.pem \
-certfile /usr/local/ssl/CAcert.pem -name "Name"
-out newcert.p12
I generated the private key file and cert using
openssl genrsa and openssl req / sign.sh (to sign the
csr, script provided by mod_ssl) respectively.
Thanks,
mohan
--- Greg Stark <[EMAIL PROTECTED]> wrote:
> dm,
>
> > My question is: How does the browser get the
> private
> > key? Shouldn't it be needing that for
> authentication?
> > Isn't that there is some challenge thrown by the
> > server based on client public key?
>
> Perhaps you generated your private key through
> the browser; we have no
> way of knowing. The private key is needed for
> successful client
> authentication. The client does in fact have to sign
> all the handshake
> messages (which include a server random value).
>
> _____________________________________
> Greg Stark
> Ethentica, Inc.
> [EMAIL PROTECTED]
> _____________________________________
>
>
>
>
______________________________________________________________________
> OpenSSL Project
> http://www.openssl.org
> User Support Mailing List
> [EMAIL PROTECTED]
> Automated List Manager
[EMAIL PROTECTED]
__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35
a year! http://personal.mail.yahoo.com/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
