Jean-Marc Desperrier wrote:

Gianpaolo Fasoli wrote:

David Stutzman wrote:

Did you import the CA certs into Mozilla and edit the trust settings for your root CA?

Importing the certs is necessary. Editing trust in the client is not.

Yes, that was it, thanks a lot.


Well, that's a bug.
Mozilla should not require that you trust a CA in order to use a cert it emits as authentication.

Right, and Mozilla does not in fact require that. For SSL client authentication, the relevant criteria are what certs the SERVER trusts, and the server names them during the handshake. Mozilla honors the server's list.

This means anyone just has to give you a cert and tell you that you must use it to authenticate to his site in order to get his CA as trusted inside your certificate store.

That's not true.

As there is no trust flag specific to trusting for emitting authentication certs, I'm afraid that enabling the CA for authentication forces you to enable it for other things you may not wish.

Fear not.

--
Nelson B
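
Added example (not part of the thread, and not NSS or Mozilla code): the client-side selection described in the reply above, sketched for a TLS 1.2 CertificateRequest body as laid out in RFC 5246 section 7.4.4. The CA names, certificate nicknames and the `trusted_locally` field are constructed for illustration, and matching is simplified to each certificate's direct issuer.

```python
import struct

def dn(common_name):
    """Constructed sample: DER Name with a single CN attribute (short-form lengths)."""
    cn = common_name.encode()
    atv = b"\x06\x03\x55\x04\x03\x0c" + bytes([len(cn)]) + cn
    rdn = b"\x30" + bytes([len(atv)]) + atv
    rdn_set = b"\x31" + bytes([len(rdn)]) + rdn
    return b"\x30" + bytes([len(rdn_set)]) + rdn_set

def build_request(issuers):
    """Constructed sample body: type rsa_sign, one signature algorithm, CA names."""
    cas = b"".join(struct.pack("!H", len(d)) + d for d in issuers)
    return b"\x01\x01" + b"\x00\x02\x04\x01" + struct.pack("!H", len(cas)) + cas

def parse_certificate_request(body):
    """Return (certificate_types, [DER issuer names]) from a TLS 1.2 body."""
    pos = 1 + body[0]                      # certificate_types<1..2^8-1>
    cert_types = list(body[1:pos])
    (n,) = struct.unpack_from("!H", body, pos)
    pos += 2 + n                           # skip supported_signature_algorithms
    (total,) = struct.unpack_from("!H", body, pos)
    pos += 2
    end = pos + total
    if end != len(body):
        raise ValueError("certificate_authorities length does not match body")
    names = []
    while pos < end:                       # DistinguishedName<1..2^16-1> entries
        (n,) = struct.unpack_from("!H", body, pos)
        pos += 2
        if n == 0 or pos + n > end:
            raise ValueError("bad DistinguishedName length")
        names.append(body[pos:pos + n])
        pos += n
    return cert_types, names

def select_client_certs(local_certs, acceptable_issuers):
    """local_certs: (nickname, issuer_der, trusted_locally) tuples (hypothetical shape).
    Only the server's list decides; the local trust flag is never consulted.
    An empty list from the server means any certificate may be offered."""
    if not acceptable_issuers:
        return [nick for nick, _issuer, _trusted in local_certs]
    return [nick for nick, issuer, _trusted in local_certs
            if issuer in acceptable_issuers]

if __name__ == "__main__":
    site_ca, other_ca = dn("Example Corp Client CA"), dn("Unrelated CA")
    _types, names = parse_certificate_request(build_request([site_ca]))
    store = [("corp-id", site_ca, False), ("other-id", other_ca, True)]
    print(select_client_certs(store, names))
```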