Bodo Moeller wrote:
>
> Dr Stephen Henson <[EMAIL PROTECTED]>:
>
> [...]
> > How many certificates are in the chain? If its only two then there's no
> > point because the root will have to be in the browser anyway.
>
> This is a convenient way to get it into the browser, assuming that you
> distribute the CA certificate fingerprint to everyone first. That
> can make quite a lot of sense for intranets.
Depends on the browser. For some versions of Netscape it will just crash
and for others it will just add the server certificate and not the CA.
Later versions of IE are OK though.
With Netscape sending unknown CA certificates in S/MIME email or as a
MIME attachment seems to work better.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
