Averroes wrote:
>
> Hi Steve,
>
> Here is a pkcs12 fomat file in attached document.
> I reproduced all steps below with at the beginning, a serial number "00"
> in serial file.
>
Your problem is that '00' in the serial file: this is confusing
Netscape. The reason for this is that the issuer name and serial number
are assumed to uniquely identify a certificate.
However your root CA and your user certificate will both have the same
issuer name and serial number.
The CA.pl script initializes the serial file to 01 for this reason so
the first user certificate signed gets serial number 01.
You may also have messed up the Netscape database so it might be a good
idea to delete or rename it so Netscape will rebuild it when it is next
run.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
