>
>Hi, SSL folks, I setup a CA of my own, then I issued certificates to
>some servers for test purpose. Then I ran into trouble. On Netscape
>Gold 3.0, it reports invalid public key within server certificate, or
>invalid certificate signature. But IE and Communicator runs all OI. So
>So what's the point?
>
I've had similar problems with certificates. I'm using SSLeay v0.8.1
If I create a test certificate using the following command...
req -new -x509 -nodes -keyout test_key.pem -out test_cert.pem -days 365
And use it with my server, it works with my server and loads into Netscape
just fine and loads into Netscape and Communicator just fine and I can
view the certificate.
If I create a CA certificate with the following....
req -new -x509 -keyout /private/ssl_certs/private/cakey.pem -out cacert.pem -days 1825
The CA cert loads into Netscape and Communicator just fine and I can view
that certificate with no problems.
But....
If I remove my CA certificate from Netscape, and I create a
certificate for my server and sign it with the CA certificate I just created
and try to load it without the CA certificate (which you are supposed to do
and Netscape compalins about not being able to find the CA) I can't view
the server certificate and Netscape crashes. The certificate works with
the server, and I can start a secure connection with it and all, but if I
try to view the certificate or try to delete the certificate, Netscape
crashes with a access violation.
I'm not sure what to do and would appreciate any and all help on this as I'm
kinda new to this.
+------------------------+--------------------------------------------+
| Robert Alan Byer | A-Com Computing, Inc. |
| Vice-President | 115 W. Washington Street, Suite 1165 |
| A-Com Computing, Inc. | Indianapolis, IN 46204 |
| Phone: (317)632-0831 | http://www.all-net.net/ |
+------------------------+-----+--------------------------------------+
| [EMAIL PROTECTED] | I don't want to take over the world, |
| http://www.all-net.net/~byer | just my own little part of it. |
+------------------------------+--------------------------------------+
| Send an E-mail request to obtain my PGP key. |
+---------------------------------------------------------------------+
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
