On Mon, Jul 04, 2005, Uri wrote: > Dr. Stephen Henson wrote: > > >PKCS#12 isn't an appropriate format to just import a certificate. You need > >to use PEM or DER form and an appropriate extension such as .crt. > > > > > I figured this out too late. PEM isn't accepted by Windows, but DER > (luckily!) is, so now I'm just using DER. >
PEM should be accepted but its very picky about any extra data before the -----BEGIN CERTIFICATE----- line. > >If this certificate is to be used in an SSL server you shouldn't import it > >anyway, just the root CA certificate is sufficient. > > > > > True. As IPsec peers can exchange their certs automatically. > and I don't think Windows supports verification based just on server certificate. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
