Hi Jorge, I think this is a bug of Netscape as IE will prompt for you to accept the CA certificate. A workaround is to download CA cert and user cert separately. If you download CA cert with MIME type application/x-x509-ca-cert, Netscape will guide you to accept the CA cert. Rgds. Martin Jorge wrote: > Hello all, > I created a PKCS7 chain certificate including a final user cert and the CA > cert. I created it with > openssl crl2pkcs -nocrl -certfile user.pem -certfile ca.pem -outform > PEM -out user.p7 > > I've succesfully sent it to netscape (after changing "BEGIN PKCS7" with > "BEGIN CERTIFICATE") as application/x-x509-user-cert. Both certificates > install OK in Netscape, but by default the CA certificate is not trusted. > I must edit it and enable the "Accept this Certificate Authority for > Certifying network sites/e-mail users" boxes. > Do you know any way to accept the certificate trusted? > If not possible, how could I set this up for not experienced users? > > Thanx in advance > > Jorge Castello > [EMAIL PROTECTED] > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]