If you have XP, you can configure the list of trusted CAs yourself (I think it is the same list that IE uses)
Start->Run->mmc
File->Add/Remove Snap-In->Add->Certificates->Add
Choose who you want to manage for
Finish->Close->OK

+ Certificates - Whose certificates
-- + Trusted Root Certification Authorities

Right click Certificates->All Tasks->Import

You can now import a PKCS-12 or PKCS-7 cert (or even a 'Microsoft Serialized Certificate Store').

I presume this would work (I haven't tested it, but tried to get it working with IPSec once). I guess it would also work with other Windows with the mmc (I know of none, but at least 2000 does in the NT line - also .NET does, but that isn't released yet :) )

John.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of rm
Sent: 03 September 2002 14:19
To: [EMAIL PROTECTED]
Subject: Re: [OT] Unknown CA (in M$ IE)

On Tue, 2002-09-03 at 06:12, Turbo Fredriksson wrote:
> I'm trying to setup my own CA (which seems to work
> fine). However, M$ IE complains when accessing a site
> with a cert (created with 'openssl') and signed with
> the CA cert/key I've created...
>
>
> In M$IE, there's three checks. The CA check, Date
> and CN (common name). The CA check is not ok, but
> date and CN is...
>
> If I take properties/more information about the cert,
> I see that (translated from the swedish M$IE I have)
>
> This certificate can not be verified against a trusted
> Certificate Authority
>
>
> How do I get Windows to recognize me (my CA) as a trusted
> CA?!
> --

Click on "accept."

You seem to be missing the point about trusted Certificate Authorities. They are "trusted" because they are established third parties in the business of verifying people and sites are "who they say they are."

MSIE and other browsers have several trusted CA's on file. When you make your own CA - you're obviously not going to be in a program that was installed prior to your CA's existence. But... the browser allows you the option of accepting the certificate as trusted.
If you do - it will be added to the list of trusted certificates and you won't see the message again.

rm
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                            [EMAIL PROTECTED]
Automated List Manager                               [EMAIL PROTECTED]
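
An added example, not part of the original thread: it reproduces the failing CA check with the openssl command line, shows that adding only the private CA's certificate to the trust list makes the same server certificate verify, and builds a PKCS#7 file of the kind the import wizard described above accepts. All subjects, file names and the stand-in "vendor" CA are constructed for the demo.

```shell
#!/bin/sh
# Added example. All subjects and file names are constructed for the demo.

# Print OK if cert $2 chains to a CA in trust list $1, else FAIL.
chain_check() {
    if openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; then
        echo OK
    else
        echo FAIL
    fi
}

demo_ca_trust() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # Stand-in for the CA list that ships with the browser.
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=Preinstalled Vendor CA" \
            -keyout vendor.key -out vendor.pem 2>/dev/null || exit 1
        # The private CA, as in the thread.
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=Example Private Root CA" \
            -keyout ca.key -out ca.pem 2>/dev/null || exit 1
        # Server key and CSR, then the certificate signed by the private CA.
        openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
            -keyout srv.key -out srv.csr 2>/dev/null || exit 1
        openssl x509 -req -in srv.csr -CA ca.pem -CAkey ca.key \
            -CAcreateserial -days 30 -out srv.pem 2>/dev/null || exit 1

        # Before import: the trust list does not contain the private CA.
        echo "before_import=$(chain_check vendor.pem srv.pem)"
        # "Import": add only the CA certificate (never ca.key) to the list.
        cat vendor.pem ca.pem > trusted.pem
        echo "after_import=$(chain_check trusted.pem srv.pem)"

        # PKCS#7 bundle holding just the CA certificate, for the import wizard.
        openssl crl2pkcs7 -nocrl -certfile ca.pem -outform DER -out ca.p7b || exit 1
        echo "p7b_certs=$(openssl pkcs7 -inform DER -in ca.p7b -print_certs -noout | grep -c '^subject')"
    )
    status=$?
    rm -rf "$dir"
    return $status
}

demo_ca_trust
```

The PKCS#7 file carries the CA certificate only; the CA private key stays on the signing machine and is never part of what clients import.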