I've spent too much time trying to figure out something that is probably well known here.

I have a restricted community application that seems a perfect fit for using openssl to self-generate our own CA, and self-sign it, and self-generate our own web client authentication certificates and self-sign them. All this so that we can validate the Distinguished Name presented when a web browser connects to our nginx web server.

I have done all this many times but have not been able to get various web browsers to use the self-generated/self-signed client authentication certs. I have imported both the CA.crt and the client.crt into the OS certificate store. But after that the web browser does not seem to use the cert for authentication. I've tried to set the properties on the imported certificate to be used for "web client authentication" - it just does not work!

I just cannot keep spending time on this problem. If I cannot find help, I will urge the requirement for client certs be dropped from the project.

(personal lore) It seems that the web browsers fail because our self-generated/self-signed CA is not signed by some higher CA that is trusted. Is that true or false? If it is false, I need help to overcome the failure of the web browsers to correctly use our certs.

Thanks!!!!
David

--
View this message in context: http://old.nabble.com/self-generated%2C-self-signed-root-CA-and-Client-Auth-Certs-not-working-tp33965371p33965371.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
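
An added example, not part of the original message, of the setup it describes: a self-signed root CA, a client certificate carrying the `clientAuth` extended key usage, and a PKCS#12 bundle that holds the client's private key together with the certificate, since a store can only present a certificate whose private key it has. The subject names, file names and the password `changeit` are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: subject names, file names and the password are constructed placeholders.
make_client_pki() (
  set -e
  umask 077                      # keep generated private keys owner-readable only
  mkdir -p "$1" && cd "$1"
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[v3_client]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
EOF
  # 1. Self-signed root CA: subject and issuer are the same name.
  openssl req -x509 -config pki.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
    -keyout ca.key -out ca.crt -days 365 \
    -subj "/O=Example Community/CN=Example Root CA"
  # 2. Client key and signing request; the subject is the DN the server will see.
  openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
    -keyout client.key -out client.csr \
    -subj "/O=Example Community/CN=member01"
  # 3. CA signs the request, marking the certificate for TLS client authentication.
  openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -extfile pki.cnf -extensions v3_client -days 365 -sha256 -out client.crt
  # 4. Check the chain and purpose the way a TLS server would.
  openssl verify -CAfile ca.crt -purpose sslclient client.crt
  # 5. Bundle certificate AND private key; a bare client.crt carries no key.
  openssl pkcs12 -export -inkey client.key -in client.crt -certfile ca.crt \
    -name member01 -passout pass:changeit -out client.p12
  echo "$PWD/client.p12"
)

make_client_pki "${1:-$(mktemp -d)}"
```

Here `client.p12` is the file to import on the client side, and `ca.crt` is the file nginx's `ssl_client_certificate` directive would reference.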