:I think previously I misunderstood you - now just for my understanding - :I should create a selfsigned CA just for signing the server certificate :and then import in the keystore the client certificates which are signed :with the org's standard CA cert. And then the client browsers should be :made aware of this selfsigned CA in addition so that they can "verify" :the server authenticity?
:Is that right? (it sounds actually logical to me :-)) At least, theoretically, it should work. That's the basic idea of a trust hierarchy. Give it a shot, and please report results back to the list. I haven't pondered the long-term effects of maintaining two separate CAs (there are ups and downs) but I'll leave that as an exercise for you. ;) -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]