Hi, is this a problem with IE ? If so, have you tried this out:
http://mm.cs.dartmouth.edu/wiki/index.php/The_Intermediate_CA_problem Cheers, Max On 02/18/2010 12:17 PM, Ferro Robert wrote:
Hello "Citrix Secure gateway" is an SSL interface to "Web Interface" (to access Citrix application from a web browser) I use an OpenCA generated certificate in "secure gateway". I could correctly connect to the SSL web page but, starting an application. I got SSL 86 error, not with the name of the serveur certificate but with the name of the CA certificate... Is it more clear ? Doing some search I find the way to create an intermediate CA with openssl (http://usefulfor.com/nothing/2008/03/20/howto-create-an-intermediate-certifica-authority-ca-using-openssl/) but not with OpenCA Thanks you for your help Robert -----Message d'origine----- De : Massimiliano Pala [mailto:p...@cs.dartmouth.edu] Envoyé : jeudi, 18. février 2010 16:01 À : Users' Help and Suggestions Objet : Re: [Openca-Users] intermediate certificate Hi Robert, can you give us more context ? What is the Citrix Gateway used for ? (sorry, I have never used it). My guess is that it does a MITM to monitor the application traffic, but to do so, the application shall have the certificate of the C-Gateway installed.. is that right ? How OpenCA is involved in all this ? Cheers, Max P.S.: A PKCS7 cert bundle is just an empty PKCS7 with certificates attached to it - you can create it simply by using the `openssl crl2pkcs7 -certfile <cert1> -certfile <cert2> ... -certfile <certn>` command. On 02/18/2010 07:36 AM, Ferro Robert wrote:Hello everybodyI am encontering problems using OpenCA certificates with « Citrix SecureGateway » - « web interface »My certificate and IE configuration are correct : if i connecthttps://mysite.com I do not receive error message. I find in the Citrixforums this could be solve by loading an „intermediate CA certificate“;for example for GoDaddy certificates we must load « PKCS7 CertificateIntermediates Bundle (for Windows IIS) »How could I do it with OpenCA ?Thanks youRobert------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
--
Best Regards,
Massimiliano Pala
--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] ope...@acm.org
project.mana...@openca.org
Dartmouth Computer Science Dept Home Phone: +1 (603) 369-9332
PKI/Trust Laboratory Work Phone: +1 (603) 646-8734
--o------------------------------------------------------------------------
People who think they know everything are a great annoyance to those of us
who do.
-- Isaac Asimov
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
_______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
