Hi,

I am currently setting up a pop3s server on my Linux box (the one
from the UW imap package). I created a root certificate and used
it to sign a server certificate. After installing everything in the
appropriate places and setting up inetd (actually xinetd) entries
for the server, I tested the installation by connecting to localhost
using s_client. This works like a charm, in particular, the server
certificate is accepted when the connection is established. So
I'd say I got it right.

Next thing I did was to install the root certificate on a WinXP system
on my LAN. I could import it into the certificate storage where all those
certificates from trusted security providers are kept. This also worked,
apparently without problems, and my certificate was displayed along
with all the other ones. The properties dialog indicated that the certificate
was valid.

Then I tried to connect to my Linux server using Outlook Express and
received a dialog box telling me that the server certificate's signature
could not be verified and asking whether I wanted to accept it anyway. Of
course I can answer 'yes' here and then it all works, but that is not what
I am trying to achieve.

So I tried to use different trust settings for the root certificate,
but when I used '-trustout', the resulting .pem file seemed to be incompatible
with Windows (there was a complaint about an 'unknown file format', probably
because of the word 'TRUSTED' appearing in the header and footer lines). I
converted it to .der format, and then I could import it, but when I tried to
make a connection, the result was as before.

Now I'm stuck. Can anybody advise me how to proceed? I'm sure what I
am trying to do cannot be all too uncommon, but I could not locate any
useful information on the net.

tk

-- 
Thomas Koeller
thomas at koeller dot dyndns dot org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
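
As an added example (not part of the original message), this shell script rebuilds the setup described above with a throwaway CA and shows what `-trustout` changes: the PEM output gets the OpenSSL-specific `TRUSTED CERTIFICATE` header, while converting it to DER yields the same bytes as the plain certificate. The subject names and file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: subject names and file names below are constructed.
set -eu

# Build a throwaway root CA and a server certificate signed by it in dir $1.
make_chain() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Constructed Test Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    openssl x509 -req -in "$1/server.csr" -days 30 \
        -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/server.pem" 2>/dev/null
}

# Offline check that the server certificate chains to the root.
chain_verifies() {
    openssl verify -CAfile "$1/ca.pem" "$1/server.pem" >/dev/null 2>&1
}

# Write the root certificate in the three forms discussed in the message.
make_root_variants() {
    openssl x509 -in "$1/ca.pem" -trustout -out "$1/ca-trusted.pem"
    openssl x509 -in "$1/ca.pem" -outform DER -out "$1/ca.der"
    openssl x509 -in "$1/ca-trusted.pem" -outform DER \
        -out "$1/ca-from-trusted.der"
}

# First line of a PEM file, i.e. its BEGIN header.
pem_header() { head -n 1 "$1"; }

demo() {
    dir=$(mktemp -d)
    make_chain "$dir"
    if chain_verifies "$dir"; then echo "chain: OK"; fi
    make_root_variants "$dir"
    echo "plain PEM:   $(pem_header "$dir/ca.pem")"
    echo "trusted PEM: $(pem_header "$dir/ca-trusted.pem")"
    if cmp -s "$dir/ca.der" "$dir/ca-from-trusted.der"; then
        echo "DER from trusted PEM is byte-identical to DER from plain PEM"
    fi
    rm -rf "$dir"
}

demo
```
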
