Verisign certificate - Import and Export
Alex
I have Verisign certificate and as far as I could figure out it is IE
based. I have read faq supplied by Verisign which states:
"Software Publisher Digital IDs purchased for use with Microsoft
Authenticatecode does not work the Netscape Object Signing Protocols due
to it technological differences in th esecurity and authentication
policies of Micrososft and Netscape".
However, I could not remember where I have read that it is still
possible with some of the exporting and importing the certificate
files.
Does anyone know where to find information about that?
Thanks in advance
Alex
Dr S N Henson
This depends on the actual certificate. If it contains the netscape
certificate type extension and has the object signing bit set, and it
chains to an already trusted Verisign root CA in Netscape (which is
quite likely) then yes this should work.
If it doesn't have the extension then it wont work.
Verisign may have decided to omit the extension to specifically prevent
you from doing this.
Otherwise its a case of converting the certificate and private key to a
form Netscape can use. If it is already imported into MSIE (rather than
a PVK and SPC file) then this is fairly easy and you can use the MSIE
dialog boxes to check the certificate is OK.
If you have only PVK and SPC files then they need to be converted. You
can use OpenSSL and a tool I've developed for this: see my homepage for
more info. Its best to examine the SPC file first though to see if the
certificate is OK. If its a recent SPC file it will be in PKCS#7 format
so you may be able to just give it the extension .p7c and examine it
with MSIE.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: she...@drh-consultancy.demon.co.uk
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: httpX-Mozilla-Status: 0009usiness Email: d...@celocom.com PGP key: via homepage.