On Thu, Feb 01, 2001 at 10:28:38AM +0100, Stephan Martin wrote:
> Hi all,
>
> i've got a problem with client-authentication via ssl-client-certificates.
>
> It's no problem to get it to work with my selfmade CA and
> client-certificates signed by this CA.
>
> But i would like to get an "official" server-certificate from thawte, verisign,
> or something like this. So i tried to use the server-certificate to sign
> the client-request and to create client-certificates with my server-key
> and not with the CA-key this way.
>
> But it looks like this won't be possible, or i'm too stupid...
>
> Has got anybody an idea if it's not possible, or what i have to look for ??
>
No, this should not be possible. Your server certificate is a server certificate
and _not_ a CA certificate. Only CA certificates should be used to sign other
certificates.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
