Forum Discussion
PKI (Public Key Infrastructure) Practical
- 10 months ago
Hey schmitty
Thanks for explaining your steps; it really helped spot where the problem was! You'll need to import the CA certificate you created, not the X509 certificate. As you created your own CA and used it to issue certificates, Firefox must trust the CA for those issued certificates to be trusted, which is why you import ca.crt instead of myserver.crt. Hope this helps!
It is https://immersivelabs.online/labs/pki/role/technical-fundamentals/series/encoding-and-encryption
It is a walktrough: create ca.key and ca.crt
Then create myserver.key
With myserver.key a myserver.csr is created
the myserver.csr with ca.crt and ca.key is tuned into a X509 called myserver.crt
myserver.key is cp to myserver.pem and myserver.crt >> myserver.pem.
with myserver.pem a simple s_server is startet with https://IMLLabPKI.com:4433/index.html
Firefox does not know the myserver.pem so the X509 myserver.crt muss be imported, but the Browser denies.
Hey schmitty
Thanks for explaining your steps; it really helped spot where the problem was! You'll need to import the CA certificate you created, not the X509 certificate. As you created your own CA and used it to issue certificates, Firefox must trust the CA for those issued certificates to be trusted, which is why you import ca.crt instead of myserver.crt. Hope this helps!
- schmitty10 months ago
Bronze III
Oh, i tried every file in this directory, and this/that... so i got lost...
The ca.crt has also the X509 tag (but i did not see) and of course it is written in the instructions.
I also made a flowchart of the files, how they "develop" and i thought, that myserver.crt to be the certificate file is a little bit strange...