----- Original Message -----
From: Dr Stephen Henson <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 26, 1999 12:43 AM
Subject: Re: How to create a cert with SGC?
> The US export regulations don't automatically allow SGC to work just
> because a certificate contains the right extensions. Otherwise anyone
> could use it. The SGC certificate chain also has to end in a trusted SGC
> root which is hard coded in the browser or its database and not readily
> modifiable by the user. The only default trusted SGC root is one from
> Verisign.
Right. The root ends in the Class 3 cert issued by Verisign.
> I believe the original documentation suggested that you needed to also
> modify the Netscape database as well to set the undocumented SGC root
> flag to your root CA. I don't know of anything you can do with IE.
In NS you have to tag the cert as an SGC root using e.g. "gid-tagcert.c".
See "mod_ssl-2.4.6-1.3.9.tar.gz" for further description.
Before you have to compile the Berkeley DB 1.85.
In IE things look different and I've never checked that exactly.
Regards Rene
BTW: I'm looking for Berkeley DB 1.85 on Windows.
Does anybody have the port?
--
-----------------------------------------------------------
Rene G. Eberhard
Mail : [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
