Hi there,
I'm trying to create a certificate with openssl that I can import into
Netscape and then use this for signing jar files.
The problem I have is that even the import is runing without problems my CA
certificate (not the one I want to use for the signing) is not mentioned in
the Signers Section and running the signtool I get the message that the
certificate (now the one I use for certification) is 'not approved for this
operation'. If I try to import my CA certificate stand alone it always go to
'own certificates' and not to 'Signer'.
Before you ask me: Yes I was looking into the PKCS#12 FAQ from Dr. Henson
but I still have the problem :-(
My nsCertType in the usr_cert section of openssl.cnf is set to objSign, and
in the v3_ca to sslCA, emailCA.
I've created the CA with CA.sh -newca and the request with
CA.sh -newreq/-sign.
Then I used openssl x509 -export to make a p12 certificate from the user
certificate and then imported it into NS.
Did I miss something????
Any hints will be welcome!
Oliver
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
