RE: Import certificates in Netscape

Wed, 22 May 2002 09:41:25 -0700 

> Then I create client certificates with openssl, all is OK, 

You don't provide the actual commands you use to generate
the client certs, or how you know that all is OK...

> but when I want to import them in Netscape (4.74) I have an 
> error like : "Unable to import certificates. the file 
> specified is either corrupt or is not a valid file."

So here are the commands that I use to generate either
MSIE client certs or Netscape 4 client certs:

Notes:

  $certificate_request = full filename of request
  $startdate           = date cert is valid from
  $days                = number of days cert is valid

Calculate these filenames based on the request name:
  $certificate_der     = working DER format cert
  $certificate_pem     = final name of PEM cert

I keep my CA in /etc/ca

Commands used to generate client certs:
MSIE:
  openssl ca 
   -config $config 
   -gencrl 
   -in $certificate_request 
   $startdate 
   -days $days 
   -out $certificate_der

  openssl 
    crl2pkcs7 
    -in /etc/ca/crl.pem 
    -certfile $certificate_der
    -certfile /etc/ca/cacert.pem
    -outform PEM 
    -out $certificate_pem 
   
NETSCAPE:   
  openssl ca 
    -config $config 
    -gencrl 
    -spkac $certificate_request 
    $startdate 
    -days $days 
    -out $certificate_der

  # NS requires a PEM encoded x509-user-cert
  # MUST deliver as application/x509-user-cert mime type
  openssl x509 
    -inform DER 
    -in $certificate_der 
    -outform PEM 
    -out $certificate_pem


Hope it helps. 
Regards

Jeff

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of GRASSET Guillaume
Sent: 21 May 2002 15:26
To: [EMAIL PROTECTED]
Subject: Import certificates in Netscape


Hi,

I have installed apache with mod_ssl and it works well.
Then I create client certificates with openssl, all is OK, but when I
want to import them in Netscape (4.74) I have an error like : "Unable to
import certificates. the file specified is either corrupt or is not a
valid file."


I don't find it in FAQ List, so if anybody can help me...


Thanks in advance

Guillaume Grasset

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to