Problem is that this only patches the certificate when it is
        already in the client browser's certificate database.  So, for
        clients to use 128 bit encryption, they either have to use the
        Fortify patch or the tagcert application.  Neither of these
        solutions is very "clean".  Is it possible to tag the Global
        Server ID field of the CA certificate BEFORE the certificate
        is imported into a particular browser's certificate database?
        This would make life so much simpler.

You might be able to set up a JavaScript or Java page that installs
the CA certificate and then patches the cert7.db file on the client
side.  The client would run that instead of importing the .crt file in
the usual way.  But if you're going to do that, you might instead
fortify the browser the same way.

Note that all of these solutions (Fortify, tagcert, etc.) are Netscape
specific.  None of them take care of the problem with MSIE.  I don't
know if MSIE is inherently harder, or simply that no one has bothered
with it.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]