When a client browser reaches an SSL-secured page, the browser checks to see whether the 'server' certificate is trusted. In Internet Explorer 5.5, you can view a list of trusted certificates from: (Menu) Tools|Internet Options... -> Content TAB | Certificates.. BUTTON. You should be able to view all installed certificates.
These certificates have either been pre-installed, or installed when visiting an SSL-site and agreeing to download. This is how a 'client' certificate exists. An easy way of getting hold of the 'client certificate' that you yourself have signed (mine is attached) is by going to your own site and agreeing to trust your site (!). The certificate would then be installed on your machine. Then view all installed certificates (explained above for IE), and Export the certificate. Doing all this allows you to pass on a copy of your certificate to someone, and tell them to Import it into their trusted list. I feel it's all a bit unneccesary, but now you should be "able to create a client certificate which is signed by my own CA for client authentication." ! Shiraz -----Original Message----- From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]] Sent: Thursday, April 04, 2002 12:43 AM To: [EMAIL PROTECTED] Subject: Re: Creating client certificates ? [EMAIL PROTECTED] wrote: > > Hello modssl users ! > > I managed to set up an ssl aware web server. > Although I searched the web and also the list > archive I haven't been able to create a client > certificate which is signed by my own CA for > client authentication. > > Could someone describe the process of creating > such a certificate in detail ? Thank you Owen for your answer but you misunderstood my question. And you Maik misunderstood my question, too. I, of course, read the FAQ and all the other available docs but they say nothing about creating client (!) certificates ! The process of creating a server certificate is sufficiently documented in the FAQ and it was no problem for me to create it. My question is: How can I create client (!) certificates for client authentication to the server and not server certificates ?! Anyone ? -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
designlinks.cer
Description: application/x509-ca-cert