I tried to do this;
<< how can you get your CA to appear in the list of acceptable ca names?

> The FAQ gives the reason for this and some more info. What it doesn't
> say is how to add your CA to the trusted list of IIS. IIRC you can do
> this via the certificate import wizard, something like clicking on the
> "show physical stores" box and trusted root->local computer. You may
> have to then reboot. You can check using s_client to see if your CA is
> then sent (see FAQ).

I do not have an option to show physical stores, that I can find.

Here is the output of the following command:

openssl s_client -connect 192.168.0.1:443 -prexit

CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/ST=Virginia/L=Arlington/O=BBN Technologies/OU=DAML/CN=xxx.xxxx.org   <<<<<server cert>>>>>
   i:/C=US/ST=Virginia/L=Arlington/O=DARPA/OU=DAML/CN=xxx.xxxxxx.org/Email=thas [EMAIL PROTECTED]   <<<<<root cert>>>>>
---
Server certificate
subject=/C=US/ST=Virginia/L=Arlington/O=BBN Technologies/OU=DAML/CN=xxx.xxxx.org
issuer=/C=US/ST=Virginia/L=Arlington/O=DARPA/OU=DAML/CN=xxx.xxxx.org/Email=t [EMAIL PROTECTED]
---
Acceptable client certificate CA names
/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services Division/CN=Thawte Personal Freemail [EMAIL PROTECTED]
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services Division/CN=Thawte Personal Premium [EMAIL PROTECTED]
/C=US/O=First Data Digital Certificates Inc./CN=First Data Digital Certificates Inc. Certification Authority
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services Division/CN=Thawte Personal Basic [EMAIL PROTECTED]
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=US/O=GTE Corporation/CN=GTE CyberTrust Root
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root
/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Root
/OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
/DC=com/DC=microsoft/CN=Microsoft Root Certificate Authority
---
SSL handshake has read 3471 bytes and written 318 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: 1002000015ABAC4B2DAF9DA307389E76CECCAB468CBDCA06820AE0966D0C8C36
    Session-ID-ctx:
    Master-Key: 0B0F9E1C622CE7CF0090411AF59DFA53062DC2BDA1929B2E210204753FDFD6E6F60ADB54D6C4BD38B4C85737C8AA62D9
    Key-Arg   : None
    Start Time: 1015519547
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first ce

Brandon Amundson
BBN Technologies
LAB: 703 284 8189
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
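
The s_client check suggested in the quoted reply can be scripted. The following is an added example, not part of the original post or of OpenSSL: the function names and the sample DNs (Example Org, Example Private Root) are hypothetical, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: test whether a CA's subject DN is in the list of CA names
# the server sends when it requests a client certificate, as printed by
# `openssl s_client` under "Acceptable client certificate CA names".

# Read s_client output on stdin; print the advertised CA DNs, one per line.
# Prints nothing when the server sent no list.
acceptable_cas() {
    awk '
        /^Acceptable client certificate CA names/ { in_list = 1; next }
        in_list && /^---/ { exit }
        # Newer OpenSSL builds print these fields before the closing "---".
        in_list && /^(Client Certificate Types|Requested Signature Algorithms)/ { exit }
        in_list && NF { print }
    '
}

# Exit 0 if DN $1 is advertised, 1 if a list was sent without it,
# 2 if the server sent no CA names at all.
# The DN must be written in the same text form your openssl build prints.
ca_advertised() {
    list=$(acceptable_cas)
    [ -n "$list" ] || return 2
    printf '%s\n' "$list" | grep -Fxq -- "$1"
}

# Constructed sample: the server certificate's issuer is a private root
# that is missing from the advertised list (the situation in this thread).
sample_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/O=Example Org/CN=www.example.test
   i:/C=US/O=Example Org/CN=Example Private Root
---
Acceptable client certificate CA names
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
/C=US/O=GTE Corporation/CN=GTE CyberTrust Root
---
SSL handshake has read 3471 bytes and written 318 bytes
EOF
}

# Against a live server, pipe the real command in instead of the sample:
#   openssl s_client -connect 192.168.0.1:443 -prexit </dev/null 2>/dev/null \
#       | ca_advertised "<subject DN of your CA>"
sample_output | ca_advertised "/C=US/O=Example Org/CN=Example Private Root" \
    && echo "CA is advertised" || echo "CA is not advertised (status $?)"
```

Status 1 means the CA is not yet in the server's trusted list; status 2 means the server sent no CA names.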