On Sun, Mar 07, 1999, Nuno Miguel da Cruz Neves wrote:
> I'm running Apache 1.3.4, mod-ssl 2.2.3 and SSLeay 0.9.0b.
> I've already set up the browser with SSL, and even some more stuff, and all
> works fine.
>
> The question is when I issue a client certificate. I've already read the
> ns-ca.doc and followed the instructions of F. Hirsch about the script to
> create a client certificate request. I've managed the browser (Netscape, for
> now) to recognize the certificate but when I do a verify certificate it
> gives a "Not certified for E-Mail", when I've accepted the CA that signed
> the certificate ( my own self-signed CA) to certify e-mail users!
> Does anyone have a clue on this?
> Is this a problem of ssleay, and therefore should be fine in openssl?
No, it's matter of the nsCertType extension inside the client certificate.
This field indicates for which things the certificate can be used. Look
inside Stephen Hensons's PKCS#12 FAQ and related pages for details (there is
somewhere a table describing the nsCertType values). A pointer to the PKCS#12
stuff is inside mod_ssl's Related webarea.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
