[EMAIL PROTECTED] wrote: > I'm trying to be my own, personal CA. The plan is to create my own, > self-signed CA cert, import that cert as a trusted authority on > Thunderbird, Firefox, whatever.... and then create certs (signed by my > new CA cert) for use on the various servers that I and a few other > friends use.
> I can only guess that either the CAcert or the cert I signed with it > isn't exactly how its supposed to look... but I'm at a loss as to how > to find out what the problem is. NSS has a couple of QA test tools, vfychain and vfyserv, that should be usable for this purpose. However, I've just noticed that they have no way to ask if a CA is a valid Email CA. They do have a way to ask if an email signature or recipient cert is valid though. If it's not, they will tell you what's wrong with it. Akternatively, If you post the hostname/port of the server, we can take a look. Or, you could email (or post) the complete cert chain, from CA to server cert, for us to examine. -- Nelson B _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
