On Wed, 2 Apr 2003, David Champion wrote: > > What type of Verisign certificate should be used? Is it the same > > type of certificate that you'd use with apache? > > The certificate file should be PEM format, with or without the leading > text material describing the X.509 structure. Qpopper will skip ahead to > the BEGIN CERTIFICATE part, which is what matters. > > The key used to generate the cert can go in a separate file, or in the > same file. It must also be in PEM format. > > The names of the files don't matter.
Thanks for confirming that, but a short while ago I proved it to myself by grabbing my Verisign keys from my apache server and using them with qpopper and Outlook Express and it worked fine. > N.B. I've seen some troubles with Verisign's recently-issued > certificates. What it amounts to, as far as I can see -- there was > nothing in Google about this particular problem, from a server > perspective, when I ran across it -- is that they changed their CA's > signing certificate. You now need to import their "interim" CA cert > into your client's CA list, or, failing that, to include it in the > server-side file with the server's certificate so that it can be > provided to the client alongside your server cert. Just concatenate > the certs for the entire trust path into the file containing the > PEM-formatted server certificate. snipped for brevity Hmm, interesting. Thanks for the heads up. I'll have to study this more closely. Eric
