Maurizio Marini - Datalogica snc wrote:
>
> Hi,
> as described in docs, the cert of RAO has to be imported using a p12
> cert.
> After importing it, i noted that Netscape was unable to verify it.
> I suppose Netscape is checking the issuer of cert, searching for some ca
> listed bewtween the signers present in browser.
> w/o this match, Netscape declare the cert not trasted
> so, when you use it to sign the cert pending, the error "sign is needed
> to proceed".
> I was not able to avoid it, until RAO cert was untrusted.
> Bye.
Yes, this is a Netscape bug I am trying to avoid. Anyway the problem is that
Netscape does not put the CA certificate contained in the .p12 file into
the signers list. To correctly import the RAO certificate you'll have to
do the following:
1. Import the CA certificate
2. Import the .p12 file
If you do these steps not in this order the certificate will not be correctly
verified and you have to delete the certificate from the Netscape db (removing
it) and then import the CA certificate first.
C'you,
Massimiliano Pala ([EMAIL PROTECTED])
S/MIME Cryptographic Signature
