Francisco Javier Arias González wrote:
I have:
Two CA certificates. (CA1 , CA2) (not well known CA)
One client certificate of CA1.
Ask option enabled.
If a http server have a certificate of CA1, mozilla send client
certificate.
If a http server have a certificate of CA2, mozilla do not send client
certificate.
We (CAcert.org) operate a website on apache that uses certificates from
ourselves, but only accepts certificates for authentication purposes
from a different CA.
As long as the certificate for the website is trusted in the browser and
you don't need to chain the following simple example is how we did it.
http://www.cacert.org/help.php?id=9
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers
"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."
_______________________________________________
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto