0.29.0 - PKCS12 Certificates Only?

From: Doug Dicks <dwd-l_at_revelanttech.com>
Date: 2003-09-08 22:33:36 CEST

Hello,

I just upgraded to .29 under RedHat 9.

I was using the list of certificate authorities that came with RH9 to
validate the issuer (Equifax) of my server cert by adding the line
"ssl-authorities-file = /usr/share/ssl/cert.pem" to the global section
of my servers file.

This is now broke and I get prompted to confirm my server's certificate
every time. I assume this is due to the following change from the
release notes for .29:
"* SSL changes: (r6958, #1371)
     - dropped support for PEM-encoded client certs, only accept PKCS12
now.
     - 'ssl-authority-files' is now a list of CA files
     - no more 'ssl-client-cert-type' and 'ssl-client-key-file'
variables."

I've been reading the various web pages returned by Google on pkcs12,
but am still at a loss for what to do about it. I've tried several
different ways to convert the PEM to PKCS12, but with no success.

Was there a big security problem with PEM certs?

I can get around this by adding "ssl-ignore-unknown-ca = true" to my
servers file, but would like to avoid this if possible.

Thoughts,

Doug

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Sep 8 22:34:55 2003

This message: [ Message body ]
Next message: Ben Collins-Sussman: "Re: 0.29.0 - PKCS12 Certificates Only?"
Previous message: Jack Repenning: "Re: Current Updated Revision Number"
Next in thread: Ben Collins-Sussman: "Re: 0.29.0 - PKCS12 Certificates Only?"
Reply: Ben Collins-Sussman: "Re: 0.29.0 - PKCS12 Certificates Only?"
Reply: Mukund: "Re: 0.29.0 - PKCS12 Certificates Only?"
Reply: Tobias Ringström: "Re: 0.29.0 - PKCS12 Certificates Only?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]