> Yes, the PKCS12 does support both keys. You however cannot download the
> PKCS12 directly into the browser. You can only download it to a file
> and then import it.
> The direct download technique is only available for the cert (which only
> contains the public key):
> http://home.netscape.com/eng/security/downloadcert.html
> (maybe old, but I didn't find any other information stating something
> else, so it's ok.)

Yes, this worked (but only once; now I can't load it again (of course I
deleted the former imported certificate first)).

> There seems to be a MIME-type for PKCS12 available:
> http://www.crosswinds.net/san-marino/~jom/filex/mime.htm
> .p12 application/pkcs-12
> .p12 application/x-pkcs-12
> 
> I however don't know whether it is actually supported by Netscape.
> (If it is, please inform us.)

Thanks so far. I will try it.

> You always need the pair. Whether you have to keep the private key
> private for your application is a different question you and your organization
> have to answer yourselves.

Of course, you are right.

> Its intention is to allow the person in question to receive encrypted emails,
> that only he can read, and to sign messages with proven authenticity.
> This is broken by your concept, as you (the CA _and_ key generator)
> can read all encrypted messages and can fake the signatures of your
> clients. Hence, the automatic generation of the private key on a foreign
> server really doesn't make sense. Hence, if I would write the software,
> I would probably omit the feature you are requesting.

In this case you are right again. But I only want the user to connect to my
server without entering his username and password. I only want to allow
this to chosen persons. For these persons I will create a certificate
(with the fact in mind that I already have their data to create a proper
request).


Thomas
-- 
_________________________________________________________
 Thomas Barthel                     e-mail: [EMAIL PROTECTED]
 SuSE GmbH Nuernberg, Germany

"Internet is a wonderful mechanism for making a fool
 of yourself in front of a very large audience"
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
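
The server-side issuance discussed in this thread, as an added example that is not part of the original messages: a key pair is generated for a chosen user, signed by the operator's CA, and bundled into a PKCS#12 file that the user saves and imports. It assumes the `openssl` command-line tool is installed; the CA, the user name and the passphrase are constructed placeholders.

```shell
#!/bin/sh
# Added example: CA subject, user name and passphrase are constructed values.
set -e

make_client_p12() {
    # $1 = work directory, $2 = user name (CN), $3 = export passphrase
    dir=$1; user=$2; pass=$3
    mkdir -p "$dir"
    # Throwaway CA standing in for the server operator's own CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Client CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # Key pair and request generated on the server, as in the thread.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$user" \
        -keyout "$dir/$user.key" -out "$dir/$user.csr" 2>/dev/null
    openssl x509 -req -in "$dir/$user.csr" -days 30 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/$user.crt" 2>/dev/null
    # PKCS#12 carries the private key and the certificate in one file.
    openssl pkcs12 -export -inkey "$dir/$user.key" -in "$dir/$user.crt" \
        -certfile "$dir/ca.crt" -name "$user" \
        -passout "pass:$pass" -out "$dir/$user.p12"
    # Remove the operator's copy so the key lives only in the user's bundle.
    rm -f "$dir/$user.key" "$dir/$user.csr"
}

p12_has_key_and_cert() {
    # $1 = .p12 file, $2 = passphrase. Succeeds only if both parts are present.
    pem=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nodes 2>/dev/null) || return 1
    echo "$pem" | grep -q "PRIVATE KEY" &&
        echo "$pem" | grep -q "BEGIN CERTIFICATE"
}

p12_cert_issued_by() {
    # $1 = .p12 file, $2 = passphrase, $3 = CA certificate.
    # Succeeds if the client certificate in the bundle verifies against the CA.
    openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys 2>/dev/null |
        openssl verify -CAfile "$3" >/dev/null 2>&1
}
```

On the mod_ssl side, `ca.crt` is the file `SSLCACertificateFile` would point at, with `SSLVerifyClient require` on the protected location.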
