Apache-SSL and Netscape Client Certificates

Apache-SSL and Netscape Client Certificates

Post by Michael Lausc » Sat, 29 Jun 1996 04:00:00

Does anybody know how to use a certificate with then netscape 3.04b
browser for identifaction of the client? I have setup apache-SSL
correctly with self-signed certificates and SSLeay-5.2a. But how trhe
heck can i use a personnel certificate in order to authenticate myself
to the apache server? I've come so far that the server requests a
certificate fromn the netscape client, but netscape only spit out an
error box telling me that i don't have a personnel certificate. And
the "Obtain new certificate" button in the netscape browser also
doesn't seem to work ( certs.netscape.com has no DNS entry and i don't
know how to use a SSLeay generated certificate instead). Anybody has
got this working?

g.a.m.s. edv dienstleistungen gmbh



1. Can't convert my netscape ssl certificate for use with Apache-SSL

I am trying to convert my netscape certificate to use with Apache-SSL.

I run the ns_convert program like so:

# /usr/local/ssl/bin/ns_convert /usr3/ns-home/https-443. httpd
read RSA private key
Enter Private Key password:
writing RSA private key

Your Netscape ServerKey has been converted, but there is a missing element
in SSLeay which does not allow for immediate conversion of your

You'll receive a converted certificate in the mail shortly, which you
should save in httpd.cert and install using "getcert httpd"

Then I receive the converted cert and try to install it....

/usr/local/ssl/certs# ls -al
total 4
drwxr-xr-x   2 root     system       512 Mar 22 00:30 ./
drwxr-xr-x   8 root     system       512 Mar 18 23:34 ../
-rw-r--r--   1 root     system      1255 Mar 22 00:30 httpd.cert

/usr/local/ssl/certs# getcert httpd
unable to load certificate
error:0D067083:asn1 encoding routines:ASN1_get_object:too long
error:0D092065:asn1 encoding routines:D2I_X509_PUBKEY:bad get object
error:0D08C070:asn1 encoding routines:D2I_X509_CINF:error stack
error:0D089070:asn1 encoding routines:D2I_X509:error stack
error:0906600D:PEM routines:PEM_ASN1_read:ASN1 lib

This is the error I am getting.  Anyone have any ideas?

I am running Apache-SSL-US 1.0.3+1.1 on OSF1 V3.2 on an alpha.  My
netscape server runs fine with the certificate.



/  Chris MacLean    Technical Group    Pacific Interconnect  \

2. KERN_INFO 2.4.19-pre2 fs

3. Apache-SSL and problems with SSL certificate

4. DNS - one ip to many domains

5. Create SSL *client* certificate to be used in Apache 2

6. 3D Blaster driver - AGB = PCI??

7. Apache 2.0.39 + ssl + ldap with client certificate authentication

8. Problems with XFree86 using ATIMach32, and a Commodore 1930-A

9. Apache with SSL Client Authentication; per-directory access based upon DN in certificates

10. apache + ssl + certificate +netscape = error?

11. Old machine Tomcat+SSL, new machine Apache+SSL - new certificates needed?

12. Apache-SSL: Multiple Certificates With Virtual Servers?

13. Can't make certificates for Apache-SSL