Indeed, I am suspicious that this is why a certificate I created for my mail server has stopped working for Outlook XP (does work for Outlook versions before XP). I am really really hoping that someone can answer this....
Cheers! --- Ingo Kappler <[EMAIL PROTECTED]> wrote: > Hi, > > half a year ago I created a certificate for ssl encrypted mail on a > server. This certificate worked fine with different browsers except > Netscape 7 or Mozilla 1, probably because of a bug. On the Netscape > security maillinglist I got the following answer: > ### > issue your server a new cert that really is self-signed and really > is self-issued. I don't know why your present certificate isn't > really self signed. Since you made it with OpenSSL, you'll have to > ask some OpenSSL folks what to do differently to be self signed. > ### > > Sorry, but I'm not very familiar with openssl. I used the following > commands to create the cert: > ### > echo "create a new Certificate Authority certificate" > > ../CA.pl -newca ; > mv demoCA/cacert.pem demoCA/cacert.pem.old ; > openssl x509 -in demoCA/cacert.pem.old -signkey > demoCA/private/cakey.pem -days 1825 -out demoCA/cacert.pem ; > rm demoCA/cacert.pem.old ; > openssl x509 -inform pem -in demoCA/cacert.pem -outform der -out > demoCA/cacert.der ; > > echo "now create and sign the new mail certificate" > > openssl req -new -nodes -keyout mail.key.pem -out mail.req.pem ; > openssl ca -policy policy_anything -out mail.cert.pem -infiles > mail.req.pem ; > openssl gendh 512 > mail.dh.pem ; > > echo "now paste everything together that you need" ; > echo "the private key, the signed certificate and the dh > parameters" ; > > cat mail.key.pem mail.cert.pem mail.dh.pem > PT-imaps-ipop3d.pem ; > ### > > Thanks to Mark, who posted this way on this list some time ago. > > If I use this way, the cert is not really selfsigned and > selfissued. What have I to change? > > Thank-you, > Ingo > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] __________________________________________________ Do You Yahoo!? HotJobs - Search Thousands of New Jobs http://www.hotjobs.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
