Again on the same subject. Sorry for the trafic but this time I was able
to build the DER format with information from the FAQ. Only it didn't
work. I added the appropriate type in mime.types, copied my ca.cacert to
every directory of the secure server's page tree (including the
directory under cgi-bin in which the programmatic part of the site
resides) and Netscape still asks the user to acknowledge the "new
certificate".
Should I be using the SSLCACertificateFile option?
Alfredo Raul Pena wrote:
>
> Steffen Dettmer wrote:
>
> > > certificate expires, IE 3 disallows access altogether. Anyway I can hack
> > > the Registry or something like that so IE3/4/5 users can go to my site?
> > > Like, adding my phony CA to IE's list of CAs?
> > >
> > > By the way, is there such hack to Netscape too?
> >
> > take a .htaccess and include the following line:
> > AddType application/x-x509-ca-cert .cacert
> >
> > Then convert your ca-cert into "der" Format (via "ssleay -in
> > <cacert.pem-or-whatever> -out <My-Own-CA.cacert> -outform der")
> > (or was is "-infile" ? - no ssleay here ;) )
> >
> > Then upload this file to the dir with .htaccess and it should work at
> > least with Netscape 3/4 (and I think IE 4 too)
>
> You can also take the "der format" certificate file and rename it
> "something.crt". You can then place it in a floppy, doubleclick on it in
> Windows 95/98/NT and voila!!
--
___THE___ "Commercial OS vendors are, at the moment, all closed
\ \ / / economies, and doomed to fall in their competition with
\ V / open economies just as communism eventually fell."
\ / -- H. Reiser, Unix OS developer
/ \ _____________________________________________________
/ ^ \ | Juan Carlos Castro y Castro - [EMAIL PROTECTED] |
/ / \ \ | Diretor de Informática e Eventos Sobrenaturais da |
~~~ ~~~ | E-RACE CORPORATION |
RACER -----------------------------------------------------
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]