Ralf S. Engelschall wrote:
>
> On Sun, Mar 07, 1999, Nuno Miguel da Cruz Neves wrote:
>
> > I'm running Apache 1.3.4, mod-ssl 2.2.3 and SSLeay 0.9.0b.
> > I've already set up the browser with SSL, and even some more stuff, and all
> > works fine.
> >
> > The question is when I issue a client certificate. I've already read the
> > ns-ca.doc and followed the instructions of F. Hirsch about the script to
> > create a client certificate request. I've managed the browser (Netscape, for
> > now) to recognize the certificate but when I do a verify certificate it
> > gives a "Not certified for E-Mail", when I've accepted the CA that signed
> > the certificate ( my own self-signed CA) to certify e-mail users!
> > Does anyone have a clue on this?
> > Is this a problem of ssleay, and therefore should be fine in openssl?
>
> No, it's matter of the nsCertType extension inside the client certificate.
> This field indicates for which things the certificate can be used. Look
> inside Stephen Hensons's PKCS#12 FAQ and related pages for details (there is
> somewhere a table describing the nsCertType values). A pointer to the PKCS#12
> stuff is inside mod_ssl's Related webarea.
>
> Ralf S. Engelschall
> [EMAIL PROTECTED]
> www.engelschall.com
> ______________________________________________________________________
> Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
> Official Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
Thanks, it was just a matter of changing the nsCertType value in
ssleay.cnf.
--
[EMAIL PROTECTED] Dept. Informatica, Fac.
Ciencias,
|\ | |\ | Tel: +351 1 7500127 Univ. Lisboa, Bloco C5, Campo
Grande
| \|uno | \|eves Fax: +351 1 7500084 1700 Lisboa, Portugal
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
