
List:       freebsd-isp
Subject:    Re: SSL certificates
From:       Ulf Zimmermann <ulf () Alameda ! net>
Date:       2002-06-03 21:23:08

On Mon, Jun 03, 2002 at 01:56:50AM -0500, James wrote:
> Thus spake Mark Bojara (mark@mics.co.za):
> 
> > so do I have to have a physical link to a .pem file or can I use the
> > certificate on a SSL site and it will ask them to install it?
> 
>     A physical link will do the trick.  For security purposes, clients
>     should only accept a new CA certificate when it's explicitly requested,
>     or is included in a pack with a client cert they're importing.
>     
>     Name it something like ca.crt, and make sure the content-type is set
>     properly.  Then they can go to http://something/path/to/ca.crt and
>     their browser should take care of it automatically.  Wheeee.
> 
>     To be safe, look for:
>     AddType application/x-x509-ca-cert .crt
>     in your apache config.
> 
>     If you'd like it to be something.pem, just pop in another AddType for
>     it.
> 
>     HTH.
> 
> -- 
>  James <oneiros@darkspire.net>       A cat stalking near
>  uri: http://oneiros.darkspire.net/  the Emperor's palace. A
>  1024D/62C2F77D                      crouching cat. A fox.

Gotta ask if someone here knows what the problem could be. I created
a self-signed CA on FreeBSD with OpenSSL 0.9.6a (included in -stable).

Imported the ca.crt into Mozilla under FreeBSD (1.0 rc1). Signed a
SSL cert for a website, load that website into Mozilla, everything is
fine.

Now I import the same CA.crt into Win2k IE 6, WinXP IE 6, WinXP Netscape
6.2.3 and WinXP Mozilla 1.0 rc3. All say fine. Loading up the website
mentioned above, they all still say can't verify issuer of the cert.

Opened up the view certificate in Mozilla/FBSD and Mozilla/WinXP, I
can't see a difference. Anyone got an idea what the problem might be?

-- 
Regards, Ulf.

---------------------------------------------------------------------
Ulf Zimmermann, 1525 Pacific Ave., Alameda, CA-94501, #: 510-865-0204
You can find my resume at: http://seven.Alameda.net/~ulf/resume.html
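
An added example, not part of the original message and not a diagnosis of the problem it describes: an offline check, using the `openssl` command-line tool, of whether a server certificate verifies against the exact CA file a client imported. The two CAs, the subject names and the file paths are constructed for the demo; it shows that two CA certificates can display the same subject while only the one whose key signed the server certificate verifies it.

```shell
#!/bin/sh
# Constructed demo: all names, subjects and files are made up for illustration.
set -eu
WORK=$(mktemp -d)
cat > "$WORK/req.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = Example Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

make_ca() {    # $1 = prefix; writes a fresh key and self-signed CA cert
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$WORK/req.cnf" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}
subject_of() { openssl x509 -noout -subject -in "$1"; }
fingerprint_of() { openssl x509 -noout -fingerprint -sha256 -in "$1"; }
chains_to() {  # $1 = CA file the client imported, $2 = server certificate
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Two CAs with the same subject name but different keys.
make_ca "$WORK/ca_a"
make_ca "$WORK/ca_b"

# Server certificate signed by ca_a only.
openssl req -new -newkey rsa:2048 -nodes -config "$WORK/req.cnf" \
    -subj "/CN=www.example.test" -keyout "$WORK/srv.key" \
    -out "$WORK/srv.csr" 2>/dev/null
openssl x509 -req -in "$WORK/srv.csr" -CA "$WORK/ca_a.crt" \
    -CAkey "$WORK/ca_a.key" -set_serial 1 -days 30 \
    -out "$WORK/srv.crt" 2>/dev/null

# Same subject line for both CAs; the fingerprint and the verify result differ.
for ca in ca_a ca_b; do
    if chains_to "$WORK/$ca.crt" "$WORK/srv.crt"; then
        result="verifies"
    else
        result="issuer NOT verified"
    fi
    echo "$ca: $(subject_of "$WORK/$ca.crt") | $(fingerprint_of "$WORK/$ca.crt") | $result"
done
```

Comparing the SHA-256 fingerprint of the CA file on the server with the one shown in each client's certificate store tells the two apart where the displayed names do not.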
