I agree with you. I will make the modification. Yes, the CA root certificate should be protected.

However, if I use a certificate signed by the root CA, and I connect to the webserver, how do I install the root CA inside the browser without creating too many problems for the user, so that the certificate trust tree can be established? Can I use a script to inform the user to download the root CA? Any ideas on these questions?

Cheers
Franck

On 02 Nov 2001 12:27:25 +0000, Dr S N Henson wrote:
> > Franck Martin wrote:
> > 
> > I have just written a little HOWTO, to be able to handle certificates.
> > I'm happy to receive comments and suggestions to improve it.
> > 
> 
> An alternative location for the OpenSSL configuration file can be
> specified using the environment variable OPENSSL_CONF.
> 
> The command to set up a new CA is CA.pl -newca.
> 
> You should not use the root CA certificate in the server and you should
> not remove the protection on its private key.
> 
> Instead you should create a separate request and certificate for the
> server, signed by the root CA.
> 
> Steve.
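
Added example, not part of the original thread or the HOWTO: the layout recommended in the quoted reply (the root CA key stays passphrase-protected, the server gets its own key, request and CA-signed certificate), written with plain `openssl` commands instead of the interactive CA.pl. Subjects, file names and the passphrase are constructed demo values.

```shell
#!/bin/sh
# Added illustration. Subjects, file names and passphrase are constructed demo values.

make_ca_and_server_cert() {
    mkdir -p "$1" || return 1
    (
        cd "$1" || exit 1
        umask 077   # keys and passphrase file readable by owner only

        # Demo only: passphrase in a file so the script runs unattended.
        # Leave out -passout/-passin to be prompted instead.
        printf '%s\n' 'constructed-demo-passphrase' > ca.pass

        # 1. Root CA: the private key stays encrypted at rest (AES-256).
        openssl genrsa -aes256 -passout file:ca.pass -out ca.key 2048 || exit 1
        openssl req -new -x509 -sha256 -days 3650 -key ca.key \
            -passin file:ca.pass -subj '/CN=Demo Root CA' -out ca.crt || exit 1

        # 2. Server: its own key pair and certificate request.
        #    -nodes leaves only the server key unencrypted (assumption:
        #    the web server must start without an operator).
        openssl req -new -newkey rsa:2048 -nodes -keyout server.key \
            -subj '/CN=www.example.test' -out server.csr || exit 1

        # 3. The root CA signs the request; ca.key is not deployed anywhere.
        openssl x509 -req -sha256 -days 365 -in server.csr \
            -CA ca.crt -CAkey ca.key -passin file:ca.pass \
            -CAcreateserial -out server.crt || exit 1
    )
}

# Succeeds only if server.crt chains to ca.crt.
chain_is_valid() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1
}

# Succeeds only if the CA private key file is passphrase-protected.
ca_key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1/ca.key"
}

demo_dir=$(mktemp -d)
if make_ca_and_server_cert "$demo_dir" && chain_is_valid "$demo_dir" \
        && ca_key_is_encrypted "$demo_dir"; then
    echo "server.crt verifies against ca.crt; ca.key is encrypted ($demo_dir)"
fi
```

Only server.key and server.crt go on the web server, and only ca.crt is handed to clients. Current browsers also expect a subjectAltName in the server certificate, which this sketch leaves out.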



