Hello, I am using the Win32OpenSSL-v0.9.7f.exe download running on Win Me.
I am writing a web-based accounting system for a client who is a chartered accountant. He has been using my system for many years in-house. But city traffic being more of a problem he wants his staff to be able to work from home so I am writing a webbased interface. Because the data is the financial data of his clients, it needs to be secured. What I am looking at is a system that is used by a few trusted staff, but over the internet. I envisaged that I could create my own certificate authority certificate and append it to my servers cacert file along with all the others, then create private key and certificate based on the cacert and put that in the webserver. I have been able to make a self-cert work but it does bring up an untrusted message on first use and I am not sure it is really secure in the internet at large. I have created a certificate authority certificate - a x509 cert but it is only the encrypted section and not the full verbose form that cacerts have in the servers cacert file. When I try: >exec C:/OpenSSL/bin/openssl.exe x509 -in cacert.pem -text Error opening Certificate cacert.pem 4294003705:error:02001002:system library:fopen:No such file or directory:.\crypto\bio\bss_file.c:278:fopen('cacert.pem','rb') 4294003705:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c:280: unable to load certificate I dont have a crypto directory or a bss_file.c anywhere. Am I missing something from the distribution ? I want to know how to create a full cacert to put in the server cacert file. I am also wondering if the approach outlined above is adequate. Perhaps a private reply is appropriate. Thank you in advance, Paul Nash webscool.org [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]