> Anyone there have any information on generation of client certificates with openssl?
>I can generate them (albeit only for Netscrape at the moment - IE doesn't seem to be
>playing ball) but Netscape won't verify them claiming it's not certified for email.
Check to see the CA that has certified them has it's certificate set for
"trust this CA for signing email clients" or something quite similar to
that.
> On a related note, why can't I as the CA generate both public and private keys and
>then install them both in a browser?
I think you can. Just generate a keypair, sign the key, and output the
whole as an pkcs12 packet. This should be importable to your netscape
browser (although I confess I never tested this scenario as it would not
work in our office...)
Jan
--
alive=true
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
