This question was already answered by Ralph Engelschall at Mon, 8 Mar 1999
08:29:49 and I've already posted my answer to that. You should take a look
to see what interests you!
If you're in a hurry and want to do it quickly, it's just a matter of
changing your nsCertType in ssleay.cnf to 0xb0 (this is for SSL Client +
S/MIME Mail + Object signing). If you don't understant a word of it, read
the docs! :-)
By the way th table is:
Value Meaning
0x80 SSL client authentication.
0x40 SSL server
0x20 S/MIME mail.
0x10 Object signing.
0x04 SSL Client CA.
0x02 S/MIME CA.
0x01 Object Signing CA.
and this was taken from http://www.drh-consultancy.demon.co.uk/ca-fix.html
Be carefule that with this value, your server certificates will be
incorrect!
Fathi Ben Nasr wrote:
>
> Nuno Miguel da Cruz Neves a écrit :
>
> > Hi.
> >
> > I'm running Apache 1.3.4, mod-ssl 2.2.3 and SSLeay 0.9.0b.
> > I've already set up the browser with SSL, and even some more stuff, and all
> > works fine.
> >
> > The question is when I issue a client certificate. I've already read the
> > ns-ca.doc and followed the instructions of F. Hirsch about the script to
> > create a client certificate request. I've managed the browser (Netscape, for
> > now) to recognize the certificate but when I do a verify certificate it
> > gives a "Not certified for E-Mail", when I've accepted the CA that signed
> > the certificate ( my own self-signed CA) to certify e-mail users!
> > Does anyone have a clue on this?
> > Is this a problem of ssleay, and therefore should be fine in openssl?
> >
> > Thanks for any help.
> >
> > --
> > [EMAIL PROTECTED] Dept. Informatica, Fac. Ciencias,
> > |\ | |\ | Tel: +351 1 7500127 Univ. Lisboa, Bloco C5, Campo Grande
> > | \|uno | \|eves Fax: +351 1 7500084 1700 Lisboa, Portugal
>
> Hi,
>
> I am issuing the same problem with a communicator export version (4.05 and
> 4.5 with PKCS#11). Can you tell me how did you solved the problem.
> I use RedHat 5.2 (2.0.36-0.7) with apache 1.3.4 mod-ssl 2.2.4-1.3.4 and
> openssl-0.9.1cs with bnpatch.
>
> Fathi Ben Nasr
> Mechanical engineer.
> Société Nationale des Chemeins de Fer Tunisiens.
>
> ______________________________________________________________________
> Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
> Official Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
[EMAIL PROTECTED] Dept. Informatica, Fac. Ciencias,
|\ | |\ | Tel: +351 1 7500127 Univ. Lisboa, Bloco C5, Campo Grande
| \|uno | \|eves Fax: +351 1 7500084 1700 Lisboa, Portugal
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
