Rick Fister wrote:
> Hi,
>
> That's interesting... I thought the command you described below would
> generate the cert into the test.result file (DER encoded). This could then
> be sent to Netscape with the mime type of "application/x-x509-user-cert".
> You may also need to get the root CA cert into the browser in a similar
> way, using the mime type: "application/x-x509-ca-cert".
That is exactly what I currently do to load the root CA cert into the
browser.
> Once the certs are
> there, you should be able to use the Netscape "verify" button to check that
> they are okay. Once this is done, you should have a usable client cert.
Yes, both the loaded root CA cert and the loaded signed user cert (if
XX.pem is
loaded) can be looked at and verified from within the browser. I don't
know why
the browser won't accept the test.result file (if it is indeed DER
encoded).
When the server requests the user cert, it appears to receive it, but
does not
appear to be able to verify the user cert.
> I'm not sure about what needs to be done on the server side, though...
Aye, there's the rub!
> Rick
Mac
--
_________________________________________________________________
| | |
| Mac A. Cody | Principal Physics Engineer |
| Raytheon Systems Co., C3I | email: [EMAIL PROTECTED] |
| mail stop HA-36110 | phone: (972) 205-6452 |
| P.O. Box 660023 | or 1-800-752-6163 x6452 |
| Dallas, TX 75266 | fax : (972) 205-7180 |
|_______________________________|_________________________________|
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
