On Tue, 9 Mar 1999, Wade L. Scholine wrote:
> Erwann ABALEA writes:
> >
> > On Thu, 4 Mar 1999, Wade L. Scholine wrote:
> >
> > > What does NS mean by 'Personal Certificate' in this
> > context? I would have
> > > thought that the Entrust and Verisign samples would qualify.
> >
> > Your server has a list of acceptable CAs, and sends this list to the
> > browser, which then asks the user to choose into a list of
> > certificates
> > signed directly or indirectly by the server's CA certs...
> >
> > What you have to do is get a user certificate for your
> > Netscape, and put
> > the CA certs into your s_server configuration...
>
> I'm afraid I don't understand. Are you saying that I need a copy of
> Verisign's or Entrust's root CA cert to load into s_server in order to make
> this work?
Yes... You have to put them al in one file, and add the -CAFile (from
memory) switch to the s_server command... Unless you do that, you won't be
able to verify authenticity of the client certificates. And your clients
won't be able to send you a certificate.
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5 -
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]