Richard Levitte - VMS Whacker wrote:
[...]Should the two CA-Certs be self-signed? I think they have to be or else they cannot sign other requests. And if this is so, how to I merge the two certs (the self-signed one and the cross-signed) into one single cert, which can to be imported into a browser?
First, use 'openssl x509 -x509toreq' to create a CSR from the
certificate you want to cross-certify, then use 'openssl ca' to sign
it, and use a specific extension section in the configuration file
(use the -extensions option). Alternatively, the CA you want to
cross-certify with could send you the CSR they used to create their CA
certificate, and you could send them yours.
[...]
Just being a bit confused... Ted ;)
smime.p7s
Description: S/MIME Cryptographic Signature
