Hello Everybody, I currently use Apache 1.3.9 with mod_ssl 2.4.2 and OpenSSL 0.9.4 I would to ask a few question in order to be sure on some points. I try to setup an authentication procedure with this configuration. So, I created a self-signed CA certificate and signed a server certificate. Everything was fine. I also fortified Netscape in order to get a 128 SSL encryption. Netscape 4.7 and IE5 accept the server certificate. I created a client certificate and I tried to authenticate this client. So I forge a p12 certificate who is accepted by Netscape but not by IE5. why ? when I created the p12 certificate openssl ask me the private password and ask me a new import password. I used this import password to import this certificate in Netscape. When I try to authenticate the client, Netscape ask me the password for his own certificate database. I never use the private password to prove I am the owner of this certificate. is there something wrong in this procedure. I mean we can imagine a situation where some persons share the same browser and they know this password. But each of them could have personal certificate in this browser. OK on NT they can have their own login and password and by this way they have their own Netscape envronment. But, if they use the same browser configuration how can I be sure they use their own personal certificate ? Thanks ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
