Lynn Winebarger schrieb:
>
> I'm aware there's a potential man-in-the-middle problem, but I think
> we can afford to get an external certificate for our "canonical" server,
> then give the self-signed CA certificate from there (so they know they're
> getting it from us).
You are searching a perl CGI script for loading a CA certificate?
src/mod_ssl-2.6.6-1.3.12/pkg.contrib/loadcacert.cgi =
snip --->
#!/usr/bin/perl
##
## loadcacert.cgi -- Load a CA certificate into Communicator
## Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved.
##
$|++;
open(FP, "<ca.crt");
$cert = '';
$cert .= $_ while (<FP>);
close(FP);
$len = length($cert);
print "Content-type: application/x-x509-ca-cert\n";
print "Content-length: $len\n";
print "\n";
print $cert;
<--- snip
Use the DER-encoded certfile to ensure the script will work for all
browsers (openssl x509 -in cacert.crt -out cacert.der -outform DER).
best regards,
Eckard
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
