However now I realized that Mozilla requires my client Cert in PKCS#12 format (not pem). I was mislead by the "Purposes" field of "Web Sites" certificates tab, which says "Client,Server" and I installed only the server certificate.
PEM usually only includes the public certificate and not the private key, at least Mozilla only understand the form with the cert only, even if openssl can concatenate both together inside a PEM (but you can find many things inside an openssl PEM even a crl for exemple).
If you import a PEM, you can not use the result a personnal certificate, because you get only the cert, not the private key.
It can be useful to import PEM cert to be able to send encrypted mail to someone (you only need to know his public key to do that).
The purpose tab might be confusing. If it says 'client' for a cert that is not your own, that means that the owner of that cert can use it for client usage, *not* that /you/ can use it as a client cert.
It's probably not so useful to know that, and maybe it should be left in the certificate details.
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
