Re: [ssl-users] Import certificate

Thu, 9 Apr 1998 13:07:29 -0400 


On Wed, 8 Apr 1998, Vanni Galesso wrote:

> Hi
> 
> I have my own CA that issued Certificate in PEM mode .
> How can I use this CA to make my own certificate for  my netscape
> browser .
> I mean .. I have my Communicator and I want to generate my key-pair ,
> after do that , send to my CA the certificate request , and at the end
> import this certificate in the browser .
> 
> Is it possible ?   ( certainly yes , but i'm not able to do this .. )
> 

        Take a look in this abstract that explains how to create a html
form and perl script to do this. Following this abstract, the process is
automatic: you fill the form and when you submit it, NS Navigator
generates a key pair, send it to the server and runs the perl script that
signs the certificate, returning it to the browser.
        Remember to change the ssleay.cnf configuration at the line
nsCertType, setting the bits correctly (at least SSL client and S/MIME) or
the certificate won't be verified (thanks to Stephan Hiller for this
information):

0x80 (bit 0) SSL client
0x40 (bit 1) SSL server
0x20 (bit 2) S/MIME (Mail)
0x10 (bit 3) Object Sgning
0x08 (bit 4) reserved for future use
0x04 (bit 5) SSL CA 
0x02 (bit 6) S/MIME CA 
0x01 (bit 7) Object signing CA

        To set it for SSL client and S/MIME, it will lock like

nsCertType = 0xA0

> Thank you
> 
> Regards                VANNI
> 
> +-------------------------------------------------------------------------+
> | Administrative requests should be sent to [EMAIL PROTECTED] |
> | List service provided by Open Software Associates, http://www.osa.com/  |
> +-------------------------------------------------------------------------+
> 


-------------------------
Josu Jos Souza Jr.
[EMAIL PROTECTED]
[EMAIL PROTECTED]
http://www.geocities.com/SunsetStrip/Stage/2495

Salvador - Bahia - Brasil
-------------------------


+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/  |
+-------------------------------------------------------------------------+

Reply via email to