Ma'rt Laak wrote:
>
> Hello!
>
> Preface:
> I can successfully create and install client certificate into
> netscape from SPKAC request:
> openssl ca -config X -spkac X -out client.crt -days X
> and sending it back to browaser with header:
> Content-Type: application/x-x509-user-cert
>
> Question:
> I'd like to include CA cert also into my response to browser.
> Manuals say you have to generate PKCS#7 for that with command
> openssl crl2pkcs7 -certfile client.crt -certfile ca.crt -outform
> DER -out X -nocrl
>
> But when I send this file back to browser it says to me
> "The Private Key for this certificate can not be found in your key
> database." Probably it sees the CA-s certificate and tries to find
> corresponding private key for it.
>
Hmmm... check the certificates are in the right order using
openssl pkcs7 -in whatever -print_certs -inform DER
the *first* certificate must be the user certificate.
You might also want to try using a netscape certificate sequence.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]