under windows 2000 (and nt4 afaik) with outlook 2000 and IE5 (don't know if works for "less" than this) you can install the certificate in each client by hand quite easily... if the file name has ending ".cer" then windows appears to recognize it and calls it "Security Certificate"... double click on this and hit "Install Certificate..." / Next / Next / Finish / OK / OK ... thats it...
getting the cert to the client is another matter :-) Sean Haikel wrote: > > Hello, > > I think you have to install the CA certificates in your client > browser. I know two techniques you can use: > > 1. your client can download your CA certificate from you web site ( > you need to use the mime type application/x-x509-ca-cert in your > httpd.conf file) > 2. or you can generate, for each one of your end users, a PKCS#12 > file containing his private key his certificate and your > CA certificate > > I' hope that my answer, be helpful > bye > > Zachary Denison a écrit : > > > Hi, > > > > I am using openssl to secure a number of services in > > my organization: http, imap, smtp, ldap etc... > > > > For our internal servers we have been able to generate > > CA certs with openssl and sign our own certificates > > and all the services work great, EXCEPT the client > > software always complains that the certificate chain > > doesn't end with a trusted CA. I am speaking > > specifically about MS-outlook and netscape. outlook > > complains every single session where netscape at least > > gives you the option to accept the certificate > > forever. > > Anyway I am sure other clients would complain too. > > > > My question is how can I prevent these messages, how > > can I get the client software to trust our own CA > > cert. On the web I searched and someone said to make > > a pkcs12 client cert.. anyway I tried that in a number > > of ways and it didnt work... And I really dont care > > about verifying the client... I to just make the > > client trust the homegrown ca. > > > > Any help would be much appreciated. > > Thanks > > Zachary. > > > > __________________________________________________ > > Do You Yahoo!? > > Make a great connection at Yahoo! Personals. > > http://personals.yahoo.com > > > > _____________________________________________________________________ > > > > OpenSSL Project > > http://www.openssl.org > > User Support Mailing List > > [EMAIL PROTECTED] > > Automated List Manager > > [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
