--- Bernhard Froehlich <[EMAIL PROTECTED]> wrote: > l Burnerheimerton wrote: > > I am new to this but I think what I want is to use > a > > private key client X.509 certificate and install > it on > > clients' web browsers to use as access control > from > > only thos authorized to access and decypt data > only > > they should be allowed to see. > > > > I am using openssl, linux enterprise (old > version), > > Apache 1.3, and php 4.3. > > > > Many thanks for any links with clear instructions > on > > how to create a private/client cert, export it and > > install it on client browser! > > > The "manual" way to do this is creating keypair and > certificate with > openssl, stuff the whole thing into a PKCS#12 bag > and import it into > your browser. At least this should work with Mozilla > et al. and Internet > Explorer. You may start with the manual pages > http://www.openssl.org/docs/apps/req.html, > http://www.openssl.org/docs/apps/CA.pl.html and > http://www.openssl.org/docs/apps/pkcs12.html. Maybe > I can find the time > this evening to write a sample script for you. > > The manual way is not really comfortable for "the > average user", so if > you want to issue certificates for those I'd advise > you to build a web > interface for requesting certificates. If that's > what you need I can > have a look if I can give you some sample code. > > Hope it helps. > Ted > ;)
Ted - many thanks for your help. Just so I understand correctly, I generate a private key certificate using openssl to export it to a file that would then be imported into a browser. I can then use that server key to encrypt data that only those users for whom I have generated, and they have installed, a private certificate can decrypt. Is that right? __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
