If you send the PEM encoded certificate to Netscape it is very fussy
about certain things, like blank lines and the header stuff (the
-----BEGIN bit). Some of it is odd. For example you can send a PKCS#7
chain instead of just a plain certificate back it auto-adds the CA if it
is valid: however it needs -----BEGIN CERTIFICATE----- at the start, not
-----BEGIN PKCS7----- or it complains. See the ca-fix question at
http://www.drh-consultancy.demon.co.uk/pkcs12faq.html for info on what
it considers to be a valid CA.
However if you send the DER encoding of the certificate/chain then you
don't get these problems. You can get the DER encoding with e.g. x509
-outform DER -in cert.pem -out cert.der
If that doesn't work send me the certificate and I'll have a look at it.
Steve.
--
************************************************
* Dr Stephen N. Henson. *
* Freelance Cryptographic Consultant. *
* Email: [EMAIL PROTECTED] *
************************************************
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
