Re: using own CA certs with various clients

Wed, 17 Oct 2001 01:06:38 -0700

Hello,

I think you have to install the CA certificates in your client browser. I know two techniques you can use:

  1. your client can download your CA certificate from you web site ( you need to use the mime type application/x-x509-ca-cert in your httpd.conf file)
  2. or you can generate, for each one of your end users, a PKCS#12 file containing his private key his certificate and your CA certificate
I' hope that my answer, be helpful
bye

Zachary Denison a écrit :

Hi,

I am using openssl to secure a number of services in
my organization: http, imap, smtp, ldap etc...

For our internal servers we have been able to generate
CA certs with openssl and sign our own certificates
and all the services work great, EXCEPT the client
software always complains that the certificate chain
doesn't end with a trusted CA.  I am speaking
specifically about MS-outlook and netscape.  outlook
complains every single session where netscape at least
gives you the option to accept the certificate
forever.
Anyway I am sure other clients would complain too.

My question is how can I prevent these messages, how
can I get the client software to trust our own CA
cert.  On the web I searched and someone said to make
a pkcs12 client cert.. anyway I tried that in a number
of ways and it didnt work... And I really dont care
about verifying the client... I to just make the
client trust the homegrown ca.

Any help would be much appreciated.
Thanks
Zachary.

__________________________________________________
Do You Yahoo!?
Make a great connection at Yahoo! Personals.
http://personals.yahoo.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

begin:vcard 
n:MEJRI;haikel 
tel;fax:216 1 320 210
tel;work:216 1 359 402
x-mozilla-html:FALSE
org:Agence Nationale de Certification Electronique;Dept. PKI
version:2.1
email;internet:hhm@certificationtn
title:Ingénieur Principal
adr;quoted-printable:;;3 bis, Rue d'Angleterre=0D=0AMinist=E8re des Technologies de la Communication;Tunis;;1000;Tunisie
x-mozilla-cpt:;30752
fn:haikel MEJRI
end:vcard

Reply via email to