At 22:13 04.04.98 -0300, you wrote:
Hi Josu�
> I'm new on this list and I'm having a problem creating certificates
>for Netscape Navigator Clients. I have created an experimental CA here
>in the company where I work, following Frederick J. Hirsch's abstract
>"Introducing SSL and Certificates using SSLeay".
> I have created the CA certificate and key and a site certificate for
>our secure site (we use Apache-SSL). I have also made a perl script to
>automatically sign site certificates with keys and csr's sent to us by
>clients, using a html page with forms.
> But, when I tried to use Hirsch's perl script to create Netscape
>Client Certificates, I found this problem:
> The Certificate is created but when I try to verify it, I receive a
>message saying that the certificate was not certified for Electronic
>Mail and that it could not be verified with success.
> Does anybody knows what's going on and how to solve this problem?
Try to change the nsCertType in your ssleay.cnf. You can limit the
application for a certficiate by setting these values (including all
combination)
0x80 (bit 0) SSL client
0x40 (bit 1) SSL server
0x20 (bit 2) S/MIME (Mail)
0x10 (bit 3) Object Sgning
0x08 (bit 4) reserved for future use
0x04 (bit 5) SSL CA
0x02 (bit 6) S/MIME CA
0x01 (bit 7) Object signing CA
Try to set:
nsCertType=0xA0 (SSLclient + S/MIME)
For further information you should read:
http://home.netscape.com/eng/security/certs.html --> Certificate Extensions
Bye,
Stephan
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
