At 13:02 22.11.2002 +0100, you wrote:
As far as I know there are only two ways for importing a CA certificate
into Netscape browser:
1) Through an HTTP/HTTPs connection to a Web server hosting the
CA certificate (using MIME type application/x-x509-ca-cert)
2) Importing it piggybacked in an user PKCS#12 (i.e., you import
an user certificate and the CA certificate)
I have never used PKCS#12 for importing CA certificates only .It bothers
me to learn that it could be a proper usage of PKCS#12 format. I always
thought about it as a means for moving certs and keys around with
certain amount of confidentiality and integrity.
It is kind of annoying that every PKI paper states the need for
out-of-band initialization of CA certificates and Netscape/Mozilla
browsers does not support common formats (IE uses PKCS#7 for example,
much more suited to this purpose).
Hope it helps
Err, folks. I just took a ca.cer file with a normal DER-encoded CA certificate,
chose "open file" in Mozilla 1.1 and I got a nice dialog box:
"You've been asked to trust a new CA
( ) trust this CA to identify web sites
( ) trust this CA to identify email users
( ) trust this CA to identify software developers
View file/OK/Cancel"
What is your problem?
Jörn
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]