Dennis Sinelnikov wrote:
Yahel Zamir wrote:
Hi Everyone,
Our company develops a server to be deployed at customer sites, and we
would like to use NSS to authenticate client connections. As a start,
we can setup a CA sign our own certificates.
I tried to follow the instructions in the SSL Reference chapter
"Getting Strated with SSL"
(http://www.mozilla.org/projects/security/pki/nss/ref/ssl/gtstd.html)
but encountered some difficulties. Can anyone point me to some more
information?
1.
The "Getting Strated with SSL" document mentions that "keyutil" was
replaced by "certutil", which makes the examples outdated. Is this
document still valid?
2.
It seems that a server certificate needs to include the server's fully
qualified domain name. Is this requirement obligatory?
3.
At step (3) of "Creating the Databases and Generating the Keys",
running "certutil -L -d server_db" did not display anything. Any idea
what is missing here?
4.
I tried to proceed to "Creating the CA Certificate and Adding It to
the Database". Using the string "f7c1" returned an error, so I changed
to "rsa". But at step (2), certutil complained "certutil: self-signing
a cert request is not supported". Suggestions?
.
Thanks,
Yahel Zamir.
Hi Yahel,
I use the following page for certutil reference:
http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
hth,
Dennis
Thanks.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
