[EMAIL PROTECTED] wrote:
Hi,
Hello Leon,
I've found this on http://www.nyetwork.org/wiki/ssl_root_ca_new "Create a PKCS#7 format of the Root CA's public certificate: This will allow clients to easily import it into their their PKI storage places, such as Outlook Express and Netscape.
This doc assumes an local root CA certificate that issued you server certificate. But you have a self signed server certificate.
cd /usr/local/ssl.ca openssl crl2pkcs7 -nocrl -certfile ca.crt -outform DER -out ca.pkcs7 ca.pkcs7 will only contain the public portion of the CA's certificate, so you can email it to whomever with instructions on how to import it, put it up for download, or whatever."
Any help?
Setup and administration is usually easier with an small root CA cert that issues your server certs. (Especially if you have more than one server.) It is possible your client refuses to import host certificates as CA certificates... (By the way: I assume you really wanted to use the certificate to authenticate the server. Setup of client certificates (used to authenticate the client against the server _requires_ a CA...) is also possible.) Bye Goetz -- DMCA: The greed of the few outweighs the freedom of the many
smime.p7s
Description: S/MIME Cryptographic Signature
---- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
