On Tue, Oct 06, 1998, sTeFFeN wrote:

>[...]
> I set up a CA with SSLeay, made a cert for apache, signed it, ok. To avoid
> Netscape's security check questions, I "uploaded" the CA's certificate
> useing the mime-type "application/x-x509-ca-cert", and now Netscape is
> accepting all my self-CA-signed certs. 
> 
> But Netscape stores this database in the home of the user
> (~/.netscape/cert?.db). This is the problem: We have LOTS of users, and I
> want not to force all that users to click on the CA-download link, and let
> them compare the fingerprint and so on.
> 
> Is it possible to install this CA so, that netscape accepts this for all
> users? 
>[...]

I don't know of any such mechanism and I also think it would be not a good one
(because it can force the user to implicitly trust CAs he doesn't know).  But
when you want to automatize the CA cert insertion you can do a dirty hack we
used some time ago at our Intranet: Create a wrapper for the "netscape"
program. This does the following: When ~/.netscape/certX.db exists and this
one is _exactly_ the default file then replace it with the extended version,
i.e. the default file with your additional CA cert. This extended version you
can create by just once manually doing the CA cert insertion yourself.

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]

Reply via email to