On Sat, Sep 11, 2004, Steve Ankeny wrote: > Sorry about the html .... > > First of all, I am using Mozilla. I never use IE >
What version of Mozilla are you using? If you have a newer version then you will have an "Import" button. You select Edit->Preferences->Private & Security->Certificates. Then click on "Manage Certificates" and the "Authorities" tab. Then try the "Import" button. If, as I suspect, you are trying the "Import" button under "Your certificates" then it will expect a PKCS#12 file. > Secondly, every time I try to import the 'server.crt' it complains that > it is not in 'pkcs12' format. > > Thirdly, the CA.pl "guides" are just as confusing as the OpenSSL guides. > You just need the examples. This will do the trick... CA.pl -newca CA.pl -newreq CA.pl -signreq The CA certificate is then in demoCA/cacert.pem, the new certificate in newcert.pem and the private key in newreq.pem. > I have yet to find a clear-cut description of how to create your own CA; > certificate signing requests and certificates without finding error > somewhere in the commands. No one has been clear on this subject. > Well if you get errors with the above commands please say what they are, that is assuming they aren't answered in the FAQ. > > You are correct in your observation that I should be able to connect > without importing the certificate. But I don't know what is wrong. > > It would help if you said what error Mozilla is giving. Well you can check the webserver is OK using OpenSSLs s_client command: openssl s_client -connect myhostname.org:443 If that connects OK then at least the secure server is running and seeing the certificates. Then the error might be that Mozilla doesn't like the certificates: some "guides" suggest ways that produce invalid certficates. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
