ZServerSSL and Certificates

Michael Ströder michael at stroeder.com
Thu Aug 5 21:26:52 CEST 2004


Sean wrote:
> 
> So I take privatekey.pem and the ca cert and combine them into a
> single file called ca.pem.

Why? The server's private key has nothing to do with the CA certificate.

> Then I:
> 
> # ./CA.pl -sign
> # openssl rsa < newreq.pem > newkey.pem

Nope. You don't have to issue a new cert.

> and I combine the server cert and newkey.pem and call it server.pem.

You issued another server cert without need for doing so.

> Microsoft IE6 first shows a request for a cert to use, I click OK to
> bypass it then a warning dialog that the ca is not trusted.

Yes. Since you installed your privately generated server cert instead of the
server cert issued by the CA.

Simply use the server cert you got back from the CA.

Ciao, Michael.



More information about the Python-list mailing list