At 11:48 1998-09-29 -0700, Ted Arden wrote:
>A couple of things really:
>
>1) in your FAQ, you mentioned an app called "s_client" in the
>SSLeay dist. that is used for testing the 443 port. I couldn't
>find the app.
SSL_DIR/bin
e.g. /usr/local/ssl/bin/s_client
>2) running the "make certification" produce the following errors:
the make certificate only works before installation, doesn't it?
Use the FAQ; #13 and #14 and remember not to call the CA the same name as
the server, because then ca.sign won't work. (learnt the hard way ;-)
My tip:
copy ca.crt ca.crt.pem and mv ca.crt to ca.pem and run
$ pem2der ca
so you run up with a ca.crt in der-format. This is readable by both MSIE and
netscape (mimetype: application/x-x509-ca-cert). If the clients install
this ca.crt in their browser, they will accept your signed signed
server-certs.
This of course only holds if you distribute the ca.cert in a secure manner
(i.e. neither by unencrypted mail nor http)
- --
magnus bodin - now a happy mod_ssl user
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
