Ronin wrote:
> Hi all,
> I'm working with Sun One Application Server 7
> If I import a CA (a .pem file) using the web interface I can make ssl
> connections using client authentication (but only if I manually import
> the CA in the browser... I don't know if this is correct).
> If I import the same .pem using certutil the ssl connection isn't
> established, issuing this error:
> SEC_ERROR_UNKNOWN_ISSUER: Peer's certificate is signed by an unknown
> issuer
> I use this command:
> certutil -A -n myca -t CT,, -i myca.pem -d /bla/bla

Try adding the -a option to certutil:

certutil -A -n myca -t CT,, -i myca.pem -a -d /bla/bla

When adding a cert using the -A option, the argument to
the -i option should be a DER-encoded binary file by default.
If, however, you have a base64-encoded DER file, you need
to use the -a option, too. (NSS calls base64-encoded
files "ascii", hence the name of the -a option.)

I am not that familiar with the PEM files used by OpenSSL.
I only know PEM files are base64-encoded text files. So
give the -a option a try. If it doesn't work, you need to
use the OpenSSL command-line utility to convert the PEM
file to a DER-encoded binary file for certutil.

Wan-Teh
_______________________________________________
mozilla-crypto mailing list
http://mail.mozilla.org/listinfo/mozilla-crypto
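
The check described in the reply above, as an added example that is not part of the original thread: a small shell wrapper that inspects the file and passes -a to certutil only when the input is base64 text. The function names, the CERTUTIL override variable and the two-byte DER heuristic are assumptions made for this example.

```shell
#!/bin/sh
# Added example: decide whether certutil needs -a for a given CA file.
# CERTUTIL is a hypothetical override so the call can be dry-run.

# Print "pem", "der" or "unknown" for the certificate file in $1.
cert_encoding() {
    [ -r "$1" ] || { echo unknown; return 1; }
    # PEM (NSS "ascii"): base64 text between BEGIN/END CERTIFICATE lines.
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        echo pem; return 0
    fi
    # DER: an ASN.1 SEQUENCE (0x30) with a long-form length (0x81..0x83),
    # since a certificate is always longer than 127 bytes.
    case $(od -An -tx1 -N2 "$1" | tr -d ' \t\n') in
        3081|3082|3083) echo der; return 0 ;;
    esac
    echo unknown; return 1
}

# Import file $1 as trusted CA nickname $2 into the NSS database dir $3.
import_ca() {
    enc=$(cert_encoding "$1") || enc=unknown
    case $enc in
        pem) ${CERTUTIL:-certutil} -A -n "$2" -t CT,, -i "$1" -a -d "$3" ;;
        der) ${CERTUTIL:-certutil} -A -n "$2" -t CT,, -i "$1" -d "$3" ;;
        *)   echo "$1: neither PEM nor DER, not importing" >&2
             return 1 ;;
    esac
}

# Usage: import_ca myca.pem myca /bla/bla
```

Afterwards, `certutil -L -d /bla/bla` should list the nickname together with the trust flags given to -t.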