I've been using my own CA certificate to secure my access (with SSL/TLS) to my personal email & web server for a while now. I originally generated the CA certificate with gnutls' certtool program. I now need to get the certificate working on a client running Mac OS X.
It's fairly straightforward to import the certificate into OS X's Keychain application; however, Keychain insists that my CA is only an "intermediate certificate authority", and therefore OS X refuses to trust the certificate. I have gone through the output of 'certtool --info' and 'openssl x509 -text', and have done quite some Googling by now, but I can't find any way to determine the criteria by which Keychain decides that my certificate is that of a root authority, or an intermediate authority. So my question is: is this root/intermediate setting actually in the certificate itself (in which case it's something I can fix by generating a new certificate--although I can't find any options for this in certtol's documentation; is it possible, or will I have to use openssl?) or is it something I need to do in the Keychain application? The certificate is available from https://crypt.ethx.net/robots.org.uk-CA.crt in case anyone wants a copy. -- Sam Morris http://robots.org.uk/ PGP key id 1024D/5EA01078 3412 EA18 1277 354B 991B C869 B219 7FDB 5EA0 1078
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
