At 13:02 22.11.2002 +0100, you wrote:
As far as I know there are only two ways for importing a CA certificate
into Netscape browser:

        1) Through an HTTP/HTTPs connection to a Web server hosting the
CA certificate (using MIME type application/x-x509-ca-cert)

        2) Importing it piggybacked in an user PKCS#12 (i.e., you import
an user certificate and the CA certificate)

I have never used PKCS#12 for importing CA certificates only .It bothers
me to learn that it could be a proper usage of PKCS#12 format. I always
thought about it as a means for moving certs and keys around with
certain amount of confidentiality and integrity.

It is kind of annoying that every PKI paper states the need for
out-of-band initialization of CA certificates and Netscape/Mozilla
browsers does not support common formats (IE uses PKCS#7 for example,
much more suited to this purpose).

Hope it helps
Err, folks. I just took a ca.cer file with a normal DER-encoded CA certificate,
chose "open file" in Mozilla 1.1 and I got a nice dialog box:
"You've been asked to trust a new CA
( ) trust this CA to identify web sites
( ) trust this CA to identify email users
( ) trust this CA to identify software developers
View file/OK/Cancel"

What is your problem?

Jörn

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to