You can, it's just harder if you are hand building a CA. Netscape 6 has been designed with web based CA's in mind (the most common form of CA currently deployed). We you set one of those up, you usually set it up to export the CA from the web server with the mime-type: application/x-x509-ca-certificate . You have your users/friends (people relying on that CA for their security infrastructure) reference a link to the CA and that will download the CA and allow your users/friends to select what level of trust they wish to give to this CA.
If you want to download a hand generated CA, without the use of a web server, it's a little trickier: goto Preferences->Navigator->Helper Applications Click on <New Type..> Fill in the following fields: Descripty of type: CA Cert File Extension: cacert MIME type: application/x-x509-ca-cert Leave the last field blank. Now you can click on a .cacert file in your filesystem and it will load it as a ca cert. [If you are using Open SSL to generate your ca, you can use .pem instead of .cacert] Once you get your ca installed and trusted, then you can sign messages. NOTE: your signed message will show up with an invalid signature on anyone else's email address unless they too install your root ca (which is why I mentioned the web based CA). I suggest, if you want to test S/MIME out, that you go to the Thawte page. They issue free email certificates which are trusted by pretty much everyone, and are good for one year. If you want to use a test sight (to http://testca.netscape.com ) bob Ferenc Kubinszky wrote: > Yes, of course. > > Mozillas said it is not a verified/entrusted CA. > Why can't I add my own CA to the CA list ? > > Kubi > > On Wed, 8 May 2002, Bob Relyea wrote: > > >>Did you go to mail Account setting folder and select those certs as our >>signing and encryption certs? >> >>bob >> >>Ferenc Kubinszky wrote: >> >>>Hello, >>> >>>I use Mozilla build 20020315, and 1.0RC1 too. >>>I tried to sign and/or encrypt my e-mails, but I have just partial >>>success. >>>I can encrypt the messages, but I can't sign them. >>>When I try to sign I get the following error box: >>>"Sending of message failed. >>>Please verify that your Mail & Newsgroup account settings are correct and >>>try again." >>> >>>I imported my own certificates correctly, I think. >>> >>>I created the certificate with openssl: (CA.sh is shipped with openssl) >>> >>>CA.sh -newca => demoCA >>>CA.sh -newreq => newreq.pem >>>CA.sh -sign => newcert.pem >>> >>>openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out MyFirst.p12 >>> -name "MyFirstTry" >>> >>>Then I imported it to mozilla. >>> >>>Did I miss something ? >>>How is it possible to sign my messages ? >>> >>>Best regards, >>>Ferenc >>> >>> >>> >> >> > >
