On Thu, Apr 06, 2006, Francisco Javier Martinez Martinez wrote: > > Now I could import this .der certificate in my browser-certs repository, > and I could see it as a intermediate CA, and the root CA certificate in the > correct windows repository. > > But with this way I had to spread two certificates for the customers. And I > was wondering if there is a way to spread only one file with the two > certificates, already browsing the mailing lists I had found that pasting > the root CA Cert and subCa cert directly with 'cat file1 file2 > file3 ' or > others similars methods it would works, but not for me :(. >
No you always need to send two certificates, it depends on what you want to do. If this is for a webserver then clients just need to install the root certificate and your server needs to be configured to include the subordinate CA. A client will then automatically trust the subordinate CA because it is signed by a trusted root CA. If you are issuing client certificates then you need to include the full chain but that can be packaged into a single file (for example a PKCS#12 file). Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
