At 13:02 22.11.2002 +0100, you wrote:
As far as I know there are only two ways for importing a CA certificate into Netscape browser:1) Through an HTTP/HTTPs connection to a Web server hosting the CA certificate (using MIME type application/x-x509-ca-cert) 2) Importing it piggybacked in an user PKCS#12 (i.e., you import an user certificate and the CA certificate) I have never used PKCS#12 for importing CA certificates only .It bothers me to learn that it could be a proper usage of PKCS#12 format. I always thought about it as a means for moving certs and keys around with certain amount of confidentiality and integrity. It is kind of annoying that every PKI paper states the need for out-of-band initialization of CA certificates and Netscape/Mozilla browsers does not support common formats (IE uses PKCS#7 for example, much more suited to this purpose). Hope it helps
Err, folks. I just took a ca.cer file with a normal DER-encoded CA certificate, chose "open file" in Mozilla 1.1 and I got a nice dialog box: "You've been asked to trust a new CA ( ) trust this CA to identify web sites ( ) trust this CA to identify email users ( ) trust this CA to identify software developers View file/OK/Cancel" What is your problem? Jörn ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
