Hello, --On Juli 03, 2007 13:31:27 +0530 Vishal V <[EMAIL PROTECTED]> wrote:
Many thanks for the information. But my query is partially answered. Here it goes A) Doesn't client need server's self-signed certificate to validate the transmitted certificate? - Is Question A is true then how to obtain this certificate.
That is outside of the scope of OpenSSL. You can contact the server's admibistrator to obtain the certificate, download and store it with s_client and compare the fingerprint (by phone or other means) or contact somebody else you trust. OpenSSL can only check if a certificate was signed by a CA certificate or was self signed. The decision if YOU trust the identity that signed the certificate to sign certificates can only done by YOU.
- Also how to configure this certificate for use at the client side
That depends on the client. In openssl s_client you do that with the -CAfile option. Bye Goetz -- DMCA: The greed of the few outweights the freedom of the many
pgplGwQEmmAuK.pgp
Description: PGP signature
