On 15-09-17 15:58, Richard Olsen wrote: > I missed putting in the email that i created all the certs as listed > below. SO i have the CA, Server and Client certs created. And tried to > do the pfx file for authentication with a "Soft cert" where i'll have to > configure later for a "hard cert" smartcard. Okay, so what are you trying to do, then? - If you're trying to do client-side authentication, then you need to place your CA certificate in a file that you point to with SSLCACertificateFile (see http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatefile for the apache 2.2 version of that configuration item). The Server certificate can be any (and should probably be a public-trust one). - If you're trying to authenticate your server against a private CA, then you should import the private CA certificate into your browser trust store. For firefox, you do that by going to Preferences -> Advanced -> View Certificates -> Authorities -> Import..., and then pointing to the .crt file. Note that while it is allowed, it is absolutely not necessary that your server certificate and client certificate are from the same CA. -- Wouter Verhelst -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
