Averroes (9/17/2001 7:25 PM):
>What I want to say: after importing my user's cert in pkcs12 format
>in my Netscape Comm browser, I got an user cert plus server cert,
>moreover with the same name!!
As Dr. S N Henson very well pointed out, don't use the same field details (especially
not the commonName) in the CA and the client certificates.
That's why you see the same name: Netscape checks what CA has signed the client
certificate you import. If the CA name is not on the list of signers it knows, it will
add it there. Because you (probably) use the same commonName for the CA and the client
certificate, that's why you SEEM to have the same name twice in the lists. Actually
they are different (one is CA, other is client certficate).
That's why I use distinct openssl.cnf file for creating CA, server and client
certificates: saves me the trouble of modifying fields back and forth.
Please try and use a different commonName parameters in openssl.cnf for different
certificates.
>By definition, if it is Self-Signed it is trusted.
I am not aware of such a thing. But, again, I am not very experienced so I will let
others confirm or deny.
Best regards,
Sebastian
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
