Re: Client authentication

[Tim (not representing his employer's opinions)]

Philibert de Mercey wrote:
> 
> Hi,
> 
> I'd like to test the whole process of client authentication with ApacheSSL,
> and I really don't know how to create a 'digital ID' for IE or Netscape.
> I created a key, then a CSR, signed this request with my own CA, translated
> the cert in DER. I have succeded in registering the CA in IE 5, but I
> couldn't manage to import this private key and cert in Netscape or IE.
> 
> Is there any known way to generate 'easily' a file IE-readable that would
> contain both the private key and the certificate ?

There's some hosed-up-edness that takes place in NS and IE4 which you
have to dance around.  When I did it, I found this documentation to be
extremely useful:

http://www.drh-consultancy.demon.co.uk/pkcs12usg.html

I suspect you will, too.

Also, take a look at my instructions for employees at my previous
employer and try reversing them, that will help you as well.

http://bucks.macrosr.com/ssl/

I was actually rather proud of that project, but my boss and I did not
get along well.  Note that sending the default-passworded certs to the
users was only ever done internally; the "home or laptop" certs had a
user PW which was agreed upon over the phone, and only then would the
certs be mailed outside the internal network.

-- 
           "The classics never die,
            they just get ported to
            strange new platforms."
                 --Rob Malda
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]