> The problems are:
>
> 1. I have no idea how to install my own CA certificate (or server
>    certificate?) on the Internet Explorer.

First you must install your CA certificate as a trusted root certificate.
To do this, connect with IE to your server and accept the warning. Click on the
security icon (lock on bottom right). Click the 'certification path' tab, then
select the root CA (upmost in the chain, should have your CA name) and click
'View', then 'Install certificate'. Follow the instructions.
After this your CA will be considered trusted and your server cert will be
accepted with no warnings.

> 2. I have no idea how to generate a personal certificate (or
>    client certificate) for client authentication to the server and
>    how to install it on the Internet Explorer.

Use 'openssl req -new' to generate a certificate request using your CA.
(info on http://www.openssl.org/docs/apps/req.html#)
Then use 'openssl x509 -req' to generate a certificate from the request
you've just generated. (info on http://www.openssl.org/docs/apps/x509.html#)
You will have a certificate and a private key.
Use "openssl -PKCS12" to generate a PKCS12 file (info on
http://www.openssl.org/docs/apps/pkcs12.html#)
Hopefully, your PKCS12 will contain your brand new certificate and private
key in a single file.

Once you have your brand new PKCS12, install it on your Windows system (so
IE has access to it).
Use "Control Panel / Users & Pass / Advanced / Certificates / Import" and
follow the instructions (this is valid for W2000; the path may differ
for other versions... find it).

I presume you understand how to install your CA in mod_ssl (if you don't, see
SSLCACertificateFile or SSLCACertificatePath).

Hope it works.

Diego

PS: I'd love to see a Windorze GUI cert generation utility someday..


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
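
The certificate steps from the reply above, written out as one script. This is an added example, not part of the original message; the throwaway CA and the values "Example Test CA", "alice" and "changeit" are constructed placeholders, and with a real setup step 1 is replaced by the CA that mod_ssl already trusts.

```shell
#!/bin/sh
# Added example. "Example Test CA", "alice" and "changeit" are constructed placeholders.
set -eu

make_client_p12() (            # usage: make_client_p12 DIR COMMON_NAME P12_PASSWORD
    dir=$1 cn=$2 pass=$3
    umask 077                  # private keys must not be world-readable
    cat > "$dir/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # 1. Stand-in CA. With a real CA, reuse the ca.crt/ca.key behind SSLCACertificateFile.
    openssl req -x509 -config "$dir/openssl.cnf" -newkey rsa:2048 -nodes -days 365 \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # 2. Client key pair and certificate request ('openssl req -new').
    openssl req -new -config "$dir/openssl.cnf" -subj "/CN=$cn" -newkey rsa:2048 -nodes \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null
    # 3. CA signs the request ('openssl x509 -req'), restricting it to client auth.
    echo 'extendedKeyUsage = clientAuth' > "$dir/client.ext"
    openssl x509 -req -in "$dir/client.csr" -days 365 -sha256 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/client.ext" -out "$dir/client.crt" 2>/dev/null
    # 4. Bundle certificate + key (+ CA cert) into the password-protected file IE imports.
    openssl pkcs12 -export -inkey "$dir/client.key" -in "$dir/client.crt" \
        -certfile "$dir/ca.crt" -name "$cn" -passout "pass:$pass" -out "$dir/client.p12"
)

check_client_p12() {           # usage: check_client_p12 DIR P12_PASSWORD
    # The client cert must chain to the CA, and the bundle must open with the password.
    openssl verify -CAfile "$1/ca.crt" "$1/client.crt" >/dev/null 2>&1 &&
    openssl pkcs12 -in "$1/client.p12" -passin "pass:$2" -nokeys 2>/dev/null |
        grep -q 'BEGIN CERTIFICATE'
}

work=$(mktemp -d)
make_client_p12 "$work" alice changeit
check_client_p12 "$work" changeit
echo "import $work/client.p12 on the Windows client"
```

Outside a test, let `openssl pkcs12 -export` prompt for the export password instead of passing `pass:` on the command line, and remove the unencrypted `client.key` once the bundle has been imported.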
