Date: 13-09-02 17:08
this isn't pedantry - making the mistake of exporting your server's private key invalidates the entire process. Would you say it was pedantic for banks to advise people not to write their PIN number on their bank cards in dayglo ink? Practical, yes, pedantic, no.
Otherwise, yes, a good article. For reference, here are the MIME type lines needed for apache's conf file to allow you to place server certs, crls and client certs - encrypted, of course - onto your site.
AddType application/x-x509-ca-cert crt
AddType application/x-pkcs7-crl crl
AddType application/x-x509-user-cert p12
For an admittedly technical lowdown on the various PKCS formats, see:
Also good intro stuff on certificates, see the stunnel site: