As far as I know there are only two ways for importing a CA certificate into Netscape browser:
1) Through an HTTP/HTTPs connection to a Web server hosting the CA certificate (using MIME type application/x-x509-ca-cert) 2) Importing it piggybacked in an user PKCS#12 (i.e., you import an user certificate and the CA certificate) I have never used PKCS#12 for importing CA certificates only .It bothers me to learn that it could be a proper usage of PKCS#12 format. I always thought about it as a means for moving certs and keys around with certain amount of confidentiality and integrity. It is kind of annoying that every PKI paper states the need for out-of-band initialization of CA certificates and Netscape/Mozilla browsers does not support common formats (IE uses PKCS#7 for example, much more suited to this purpose). Hope it helps -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matthew Hall Sent: Friday, 22 November, 2002 9:13 To: [EMAIL PROTECTED] Subject: Re: Converting own CA certificate to pkcs12 On Thu, 21 Nov 2002, mikecross wrote: > Seems to me that you problem is that you didn't supply password. > PKCS12 format stores Private + Public key pair > encrypted with password. Why would I want to store all this in a pcks12 file that I want to give to clients/other people to import into their browser? Why would I want to encrypt it when I want it made freely available? Anyway - if someone could confirm how to take a Certificate Authority Certificate, convert it into pkcs12 and put it into a form for Mozilla or Netscape to import, that would be great. > > Converting it to DER format was easy: > > > > openssl x509 -in ca.crt -out ca.der -outform DER > > > > I'm having issues doing the same with pkcs12, I > > found something > > that seemed close: > > > > openssl pkcs12 -export -inkey ca.key -in ca.crt -out > > ca.p12 -name > > "Angui.sh Certificate Authority" > > > > But I thought I remember seeing a warning against > > doing that since > > it may include sensitive information into that file. > > And what's with > > the Export and Import passwords? What are they > > exactly? Am I missing > > some other command-line args, or is there a better > > way? > > > > Can someone help? > > > > Thanks! > > > > -- > > It's always September somewhere on the 'net. | http://angui.sh > > Another proud member of Eep's killfile. | Unix > > Sys. Admin. > > unreal://angui.sh | > > [EMAIL PROTECTED] > > > > > ______________________________________________________________________ > > OpenSSL Project > > http://www.openssl.org > > User Support Mailing List > > [EMAIL PROTECTED] > > Automated List Manager > [EMAIL PROTECTED] > > > __________________________________________________ > Do you Yahoo!? > Yahoo! Mail Plus – Powerful. Affordable. Sign up now. > http://mailplus.yahoo.com > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > -- It's always September somewhere on the 'net. | http://angui.sh Another proud member of Eep's killfile. | Unix Sys. Admin. unreal://angui.sh | [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]