Hi, I am using openssl to secure a number of services in my organization: http, imap, smtp, ldap etc...
For our internal servers we have been able to generate CA certs with openssl and sign our own certificates and all the services work great, EXCEPT the client software always complains that the certificate chain doesn't end with a trusted CA. I am speaking specifically about MS-outlook and netscape. outlook complains every single session where netscape at least gives you the option to accept the certificate forever. Anyway I am sure other clients would complain too. My question is how can I prevent these messages, how can I get the client software to trust our own CA cert. On the web I searched and someone said to make a pkcs12 client cert.. anyway I tried that in a number of ways and it didnt work... And I really dont care about verifying the client... I to just make the client trust the homegrown ca. Any help would be much appreciated. Thanks Zachary. __________________________________________________ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
