Brandon Amundson wrote:
> 
> I tried to do this;
> 
> << how can you get your CA to appear in the list of acceptable ca names?
> 
> > The FAQ gives the reason for this and some more info. What it doesn't
> > say is how to add your CA to the trusted list of IIS. IIRC you can do
> > this via the certificate import wizard, something like clicking on the
> > "show physical stores" box and trusted root->local computer. You may
> > have to then reboot. You can check using s_client to see if your CA is
> > then sent (see FAQ).
> 
> I do not have an option to show physical stores, that I can find..
> 

You need to start the certificate import wizard. I think it's OK to do
this using MSIE. If so then convert the root CA to DER format and with
MSIE open select Tools->Internet Options->Content->Certificates, you may
have an option in IIS to open this dialog box too.

Anyway from the box click on Import...

Select the file you want to import (the CA certificate in DER format).

When you hit Next you'll have an option saying "Place Certificates in
the following store", select that and click on Browse.

It's the dialog box that then appears that has the "show physical stores"
checkbox. Then follow the instructions above...

If it works then your CA name should appear after the line in s_client
saying:
> ---
> Acceptable client certificate CA names

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
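
The DER conversion and the s_client check described in the reply above, as an added example that is not part of the original message. The file names, host name and all certificate DNs are constructed; the parser reads only the "Acceptable client certificate CA names" section, so a CA that appears elsewhere in the output (for instance as the server certificate's issuer) is not counted.

```shell
#!/bin/sh
# Added example; ca.pem, ca.der, the host and all DNs below are constructed.

# Convert a PEM root CA certificate ($1) to DER ($2) for the import wizard.
pem_to_der() {
    openssl x509 -in "$1" -inform PEM -outform DER -out "$2"
}

# Read s_client output on stdin and print only the DNs listed under
# "Acceptable client certificate CA names". The list ends at the next
# "---" separator or "Keyword: value" line (e.g. Client Certificate Types).
acceptable_ca_names() {
    awk '
        /^Acceptable client certificate CA names/ { in_list = 1; next }
        in_list && (/^---/ || /^[A-Za-z ]+: /)   { in_list = 0 }
        in_list && NF                             { print }
    '
}

# Succeed if the fixed string $1 appears in the advertised list on stdin.
ca_is_advertised() {
    acceptable_ca_names | grep -F -q -- "$1"
}

# Live check: check_server iis.example.com:443 "Example Root CA"
check_server() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null | ca_is_advertised "$2"
}

# Constructed s_client output: the server's own issuer is NOT in the list.
sample_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/O=Example Corp/CN=iis.example.com
   i:/C=US/O=Example Corp/CN=Example Web CA
---
Acceptable client certificate CA names
/C=US/O=Example Corp/CN=Example Root CA
/C=US/O=Example Corp/CN=Example Issuing CA
---
SSL handshake has read 2048 bytes and written 512 bytes
EOF
}

sample_output | acceptable_ca_names
```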
