Matthew Hall wrote:

> I'm trying to find out how to take my ca.crt file (signed
> by my own CA self) and convert it to pkcs12 format for importation
> into Mozilla, so that Mozilla will recognize anything else signed
> by me as 'OK'.

If indeed a PKCS#12 can include a CA certificate as well as an
end user certificate and a private key for same, is there a kluge
solution in making a PKCS#12 with a throw-away certificate just for
the side effect of bringing the CA certificate along with it?

And what happens with trust when the PKCS#12 is imported?  Does the
CA certificate automagically get marked as trusted, or is there a
manual further step of setting the trust (and maybe deleting the
throw-away certificate)?

All in all it might be cleaner just to load the cert from a web
page.  It's not that hard to do.  Is there any way to get a file://
URL to have a mime type of x-x509-ca-whatever???

-- 

Charles B. (Ben) Cranston
mailto:[EMAIL PROTECTED]
http://www.wam.umd.edu/~zben
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to