Sorry about the html ....

First of all, I am using Mozilla. I never use IE.

Secondly, every time I try to import the 'server.crt' it complains that it is not in 'pkcs12' format.

Thirdly, the CA.pl "guides" are just as confusing as the OpenSSL guides.

I have yet to find a clear-cut description of how to create your own CA, certificate signing requests, and certificates without finding an error somewhere in the commands. No one has been clear on this subject.

And, even more confusing than how to create the certificates is where to put them when you are done. I have tried to follow the Apache documentation both in my distro and on the web, but it is still unclear.

As you can tell, I am frustrated.

I am impressed with the knowledge and experience of those posting to this group. But most of it is over my head. All I want is to get my problem resolved. Thanks for the ideas you gave here.

And, thanks for answering ....

You are correct in your observation that I should be able to connect without importing the certificate. But I don't know what is wrong.

That's why I took the approach of providing the commands I used and what I did with the results. That was in hopes that someone might see where I made my mistake. Thanks again.

Dr. Stephen Henson wrote:
On Sat, Sep 11, 2004, Steve Ankeny wrote:

Please don't post in HTML.

As to your query. This is much easier if you follow the CA.pl instructions.
Some "guides" suggest you do all manner of strange and in some cases insecure
things.

You do *not* import the server private key and certificate into the browser
nor do you create a PKCS#12 file from it. Since the server security depends on
the secrecy of the private key you do *not* want to give that away!

You need to trust the root CA certificate *only*. There are several ways to do
this. One is to select the root CA store in MSIE. From the Tools menu select
Internet Options then the Content Tab. Click on the Certificates... button and
select Trusted Root Authorities and finally the Import button. Browse to the
appropriate file and it should allow you to add the certificate as a trusted
root CA.

However there may be something else amiss because normally even if you haven't
added the root CA you can still connect to a secure server with some warnings.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]



--
"Well, you know what my dad always said? Having dreams is what makes life tolerable!"
-- Pete, Rudy's friend
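
The steps discussed in this thread, as an added example that is not part of the original messages and is not CA.pl itself: a throwaway root CA signs a server certificate, a client validates it using only the CA certificate, and a check confirms that the file handed to browsers carries no private key. The host name www.example.test, the file names and the demo.cnf contents are assumptions, and the keys are left unencrypted (-nodes) only because everything lives in a disposable temp directory.

```shell
#!/bin/sh
# Added example: throwaway CA + server certificate (all names constructed).
build_demo_pki() {   # $1 = output directory
    out=$1
    cat > "$out/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_srv]
basicConstraints = CA:FALSE
subjectAltName = DNS:www.example.test
EOF
    # 1. Root CA: private key plus self-signed certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -config "$out/demo.cnf" -subj "/CN=Demo Root CA" \
        -keyout "$out/ca.key" -out "$out/ca.crt" 2>/dev/null || return 1
    # 2. Server: private key plus certificate signing request (CSR).
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$out/demo.cnf" -subj "/CN=www.example.test" \
        -keyout "$out/server.key" -out "$out/server.csr" 2>/dev/null || return 1
    # 3. The CA signs the CSR, producing the server certificate.
    openssl x509 -req -in "$out/server.csr" -sha256 -days 30 \
        -CA "$out/ca.crt" -CAkey "$out/ca.key" -CAcreateserial \
        -extfile "$out/demo.cnf" -extensions v3_srv \
        -out "$out/server.crt" 2>/dev/null || return 1
}

# What a client that trusts the root does: validate the server certificate.
client_trusts() {    # $1 = trusted CA certificate, $2 = server certificate
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# A file given to browsers must hold a certificate and no private key.
safe_to_distribute() {   # $1 = PEM file
    grep -q 'BEGIN CERTIFICATE' "$1" && ! grep -q 'PRIVATE KEY' "$1"
}

d=$(mktemp -d) && build_demo_pki "$d" &&
    client_trusts "$d/ca.crt" "$d/server.crt" &&
    echo "server.crt verifies against ca.crt"
safe_to_distribute "$d/ca.crt" && echo "ca.crt: import this as a trusted root"
safe_to_distribute "$d/server.key" || echo "server.key: stays on the server"
```

Only ca.crt leaves the server; server.key and server.crt are what the web server's SSL configuration points at.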