I'm trying to be my own, personal CA. The plan is to create my own, self-signed CA cert, import that cert as a trusted authority on Thunderbird, Firefox, whatever.... and then create certs (signed by my new CA cert) for use on the various servers that I and a few other friends use.
Using the openssl CA.pl script, I did the following:

    CA.pl -newca
    CA.pl -newreq
    CA.pl -sign

At this point, I've got my cacert.pem, newreq.pem, newkey.pem, and newcert.pem. newcert.pem includes both a "-----BEGIN CERTIFICATE-----" section as well as what looks to be the human-readable output you get from 'openssl -text ...'. So, I removed the passphrase from the new privkey and tacked it onto the cert with something pretty much like:

    openssl rsa < newkey.pem >> newcert.pem

I then configured my courier-imap daemon to use this cert.

*BEFORE* I imported my new CA cert into Thunderbird, I tried to fetch my mail. T-Bird, of course, complained about a cert that it couldn't verify. When I click on "Examine Certificate..." the dialog box tells me that it can't verify it because it doesn't know who issued it.

THEN... I imported the cacert.pem into T-Bird's "Authorities" section and I clicked all three boxes: "This certificate can identify websites", "...identify mail users", and "...identify software makers". Then, I try to fetch my mail again and T-Bird complains that it can't verify the cert. I click on "Examine Certificate..." and THIS time, it says "Could not verify this certificate for unknown reasons".

I can only guess that either the CA cert or the cert I signed with it isn't exactly how it's supposed to look... but I'm at a loss as to how to find out what the problem is. Any ideas?
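One way to check, outside the mail client, whether a CA cert is marked as a CA and whether a cert signed with it chains back to it. This is an added example, not part of the original post. File names follow the post; the subject names, demo.cnf and the temp directory are constructed, and plain `openssl req` / `openssl x509 -req` stand in for CA.pl.

```shell
#!/bin/sh
# Added example. File names follow the post; subject names are constructed.

# check_chain CA_CERT LEAF_CERT: print findings, return 0 only if all pass.
check_chain() {
    ca=$1; leaf=$2; rc=0
    # 1. A CA certificate should carry basicConstraints CA:TRUE.
    if openssl x509 -in "$ca" -noout -text | grep -q 'CA:TRUE'; then
        echo "ok: $ca is marked as a CA"
    else
        echo "FAIL: $ca lacks basicConstraints CA:TRUE"; rc=1
    fi
    # 2. The leaf's signature must chain to that CA.
    if openssl verify -CAfile "$ca" "$leaf" >/dev/null 2>&1; then
        echo "ok: $leaf verifies against $ca"
    else
        echo "FAIL: $leaf does not verify against $ca"; rc=1
    fi
    # 3. Print names and validity dates for comparison by eye.
    openssl x509 -in "$leaf" -noout -issuer -subject -dates
    return $rc
}

# make_demo DIR: build a throwaway CA and one signed server cert (constructed).
make_demo() {
    dir=$1
    cat > "$dir/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Personal CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$dir/demo.cnf" -newkey rsa:2048 -nodes \
        -days 30 -keyout "$dir/cakey.pem" -out "$dir/cacert.pem" 2>/dev/null
    openssl req -config "$dir/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=imap.example.test" \
        -keyout "$dir/newkey.pem" -out "$dir/newreq.pem" 2>/dev/null
    openssl x509 -req -in "$dir/newreq.pem" -CA "$dir/cacert.pem" \
        -CAkey "$dir/cakey.pem" -CAcreateserial -days 30 \
        -out "$dir/newcert.pem" 2>/dev/null
}

tmp=$(mktemp -d) && make_demo "$tmp" && check_chain "$tmp/cacert.pem" "$tmp/newcert.pem"
rm -rf "$tmp"
```

Against real files, call `check_chain cacert.pem newcert.pem`; a FAIL line points to which of the two certificates to inspect further.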