Per Ahren wrote:
>
>
> -------------------------------------------------------------------
> The site 'zxy' has requested client authentication, but you do not have
> a
> Personal Certificate to authenticate yourself. The site may choose not
> to give
> you access without one.
> -------------------------------------------------------------------
>
> Do anyone know why NS 4.5 don't send my certificate to the SSR server?
>
> How do you trigger this?!
>
The reason for this is that Netscape 4.06 and later changed the way they
handle client authentication. What used to happen is that you could use
any certificate under "yours" for client auth including those the server
didn't trust.
Now however it only lets you choose from the list of certificates that
the server trusts and sends out as a list when it makes the certificate
request.
So what you need to do is add the CA certificate of your own CA
(Verisign and Thawte are probably there as standard) to the list the
server sends out. How you do this depends on the server you are using.
For example on Apache-SSL you would use the SSLCACertificatePath or
SSLCACertificateFile directives.
Steve.
--
Dr Stephen N. Henson. UK based freelance Cryptographic Consultant.
For info see homepage at http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED]
NOTE NEW (13/12/98) PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
