RE: Re: Importing Self-signed CA into Netscape Browser
Have you created your CA-Certificate with the steps in http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29 ? Then you have the certificate in the right format. I don't know if it works under Linux/Unix if you call a certificate from a file-URL (in Windump it doesn't), try to request it via http and the loadcacert.cgi (so that the correct mime-type is transmitted). After that Netscape brings up a Window to install the Certificate automatically and no password is required. Here the installation process of the cert with pictures (but in german language): Netscape 4: http://www.weisshuhn.de/security/ssl/netscape.html Netscape 6: http://www.weisshuhn.de/security/ssl/ns6.html GreetingX, Alex --- George Walsh <[EMAIL PROTECTED]> schrieb: > Thanks for taking the trouble to respond to my apparent thick-mindedness, Alex! > > I pointed the URL to the actual test file containing the certificate: in this case > file:///opt/apache/conf/ssl.crt/ca.crt. > > Then, I hit on the security icon and asked to import the certificate. It asks for a > password(which I left blank) and then the name of the file - indicating an *.p12 >extension. > However, it will only find the file without the extensio, of course. This suggests >to me that > some kind of conversion is necessary? If I ask to look for certificates accepted (in >any > category!) nothing shows except the commercial CAs. > > Can you provide me with a further step up? > Maybe I need to go back and recreate the certificates in encryted form??? > > Thanks, Alex. > > George > > > Alex Pircher <[EMAIL PROTECTED]> wrote: > > >Can you provide the URL of loadcacert.cgi? > > > >If SSL is enabled the mime-type for certificates is ordinary correctly set in the >httpd.conf. > >So actually you don't need loadcacert.cgi, you just have to point your Browser to >the URL of > >the certificate. This worked for me without problems. > > > >GreetingX, > > Alex > > > >> I prepared the CAs using the "make certificate TYPE=custom" option. Both the >server and the > CA > >> files look fine to me and are in their proper pews. > >> There were warnings about security depth being 0, but that is to be expected >during the > creation > >> process. > >> > >> In the mod_ssl documentation the instruction asks that I 'fire up' Communicator >and use the > Perl > >> script loadcacert.cgi in the pkg.contrib directory to load the CA into the >browser. > >> > >> Then I have to 'walk through the dialog boxes'. > >> > >> Well, this is all too simple for me to comprehend. I can execute the script file >and it > assigns > >> the x509 type, determines the length and prints out the certificate data, but >that doesn't > get > >> into Communicator, so nothing really happens. How do I tie the script output into > Communicator > >> to trigger what should be happening? > >> > >> Or is there a more straightforward way??? > >> > >> Thanks, > >> > >> George Walsh, > >> Managing Director > >> Travel Seewise Pacific Corp > >> > >> -- > >> George Walsh, > >> Managing Director, > >> Travel Seewise Pacific Corp > >> Vancouver Canada __ Do You Yahoo!? Gesendet von Yahoo! Mail - http://mail.yahoo.de
RE: Re: Importing Self-signed CA into Netscape Browser
Thanks for taking the trouble to respond to my apparent thick-mindedness, Alex! I pointed the URL to the actual test file containing the certificate: in this case file:///opt/apache/conf/ssl.crt/ca.crt. Then, I hit on the security icon and asked to import the certificate. It asks for a password(which I left blank) and then the name of the file - indicating an *.p12 extension. However, it will only find the file without the extensio, of course. This suggests to me that some kind of conversion is necessary? If I ask to look for certificates accepted (in any category!) nothing shows except the commercial CAs. Can you provide me with a further step up? Maybe I need to go back and recreate the certificates in encryted form??? Thanks, Alex. George Alex Pircher <[EMAIL PROTECTED]> wrote: >Can you provide the URL of loadcacert.cgi? > >If SSL is enabled the mime-type for certificates is ordinary correctly set in the >httpd.conf. >So actually you don't need loadcacert.cgi, you just have to point your Browser to the >URL of >the certificate. This worked for me without problems. > >GreetingX, > Alex > >> I prepared the CAs using the "make certificate TYPE=custom" option. Both the server >and the CA >> files look fine to me and are in their proper pews. >> There were warnings about security depth being 0, but that is to be expected during >the creation >> process. >> >> In the mod_ssl documentation the instruction asks that I 'fire up' Communicator and >use the Perl >> script loadcacert.cgi in the pkg.contrib directory to load the CA into the browser. >> >> Then I have to 'walk through the dialog boxes'. >> >> Well, this is all too simple for me to comprehend. I can execute the script file >and it assigns >> the x509 type, determines the length and prints out the certificate data, but that >doesn't get >> into Communicator, so nothing really happens. How do I tie the script output into >Communicator >> to trigger what should be happening? >> >> Or is there a more straightforward way??? >> >> Thanks, >> >> George Walsh, >> Managing Director >> Travel Seewise Pacific Corp >> >> -- >> George Walsh, >> Managing Director, >> Travel Seewise Pacific Corp >> Vancouver Canada >> >> >> >> __ >> Your favorite stores, helpful shopping tools and great gift ideas. Experience the >convenience of >> buying online with Shop@Netscape! http://shopnow.netscape.com/ >> >> Get your own FREE, personal Netscape Mail account today at >http://webmail.netscape.com/ >> >> __ >> Apache Interface to OpenSSL (mod_ssl) www.modssl.org >> User Support Mailing List [EMAIL PROTECTED] >> Automated List Manager[EMAIL PROTECTED] > >__ >Do You Yahoo!? >Gesendet von Yahoo! Mail - http://mail.yahoo.de >__ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager[EMAIL PROTECTED] > -- George Walsh, Managing Director, Travel Seewise Pacific Corp Vancouver Canada __ Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/ Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Importing Self-signed CA into Netscape Browser
Can you provide the URL of loadcacert.cgi? If SSL is enabled the mime-type for certificates is ordinary correctly set in the httpd.conf. So actually you don't need loadcacert.cgi, you just have to point your Browser to the URL of the certificate. This worked for me without problems. GreetingX, Alex > I prepared the CAs using the "make certificate TYPE=custom" option. Both the server >and the CA > files look fine to me and are in their proper pews. > There were warnings about security depth being 0, but that is to be expected during >the creation > process. > > In the mod_ssl documentation the instruction asks that I 'fire up' Communicator and >use the Perl > script loadcacert.cgi in the pkg.contrib directory to load the CA into the browser. > > Then I have to 'walk through the dialog boxes'. > > Well, this is all too simple for me to comprehend. I can execute the script file and >it assigns > the x509 type, determines the length and prints out the certificate data, but that >doesn't get > into Communicator, so nothing really happens. How do I tie the script output into >Communicator > to trigger what should be happening? > > Or is there a more straightforward way??? > > Thanks, > > George Walsh, > Managing Director > Travel Seewise Pacific Corp > > -- > George Walsh, > Managing Director, > Travel Seewise Pacific Corp > Vancouver Canada > > > > __ > Your favorite stores, helpful shopping tools and great gift ideas. Experience the >convenience of > buying online with Shop@Netscape! http://shopnow.netscape.com/ > > Get your own FREE, personal Netscape Mail account today at >http://webmail.netscape.com/ > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] __ Do You Yahoo!? Gesendet von Yahoo! Mail - http://mail.yahoo.de __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]