Gottfried, On Wednesday 19 November 2003 18:49, Gottfried Scheckenbach wrote: > sorry, perhaps I gave you a wrong hint - but I don't know it better... I > have also a strange problem eventually connected with chaining too: My > sub-ca crl has the issuer of the root-ca - see my mails from 2003/11/17. > The problem isn't solved, yet.
Yes, I have seen this. I do not have this problem. The issuer of my sub CA CRL is the Sub CA. This may be because I have taken the decision not to issue CRL from the Root CA. > I can't check this because in my installation I use at the moment non > ssl secured ra and ca interfaces. Thus the browser get's no request for > presenting his client certificate... There is a "Test Certificate" function in the public interface. This is what I am using. The client can use this function and sign a page, the signature is then checked. > > But in my case, the following scenarios work without problems: > > - Importing root-ca cert in IE and Mozilla > Users see then only the root-ca cert in cert management > - Importing user-cert and private Key via pkcs12 > Users see then their own cert and sub-ca cert in cert management > - In Mozilla and IE/Outlook all user certs are valid > - With Mozilla signatures, sig verification, en- and decryption work > - With Outlook signatures, sig verification, decryption work > encryption fails with some error > Yes, all this is fine with me too ! I think that my certs are correct, I belive the problem is in the signature checking code. Although I coyld be wrong !!! Chris... ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
