[ale] OpenSSL Cert Quesiton
Fletch
fletch at phydeaux.org
Wed Oct 9 09:46:01 EDT 2002
>>>>> "James" == James P Kinney, <James> writes:
James> In order to have the error message "go away", you need to
James> have your certs "signed" by a group like Thawte or
James> Verisign. It's not $0 (free) and they expire.
James> You can "sel-sign" but then you must "accept" the
James> certificates manually in the browser. And you must accept
James> it for each browser that accesses the https site.
There was a recent item on slashdot about SSL CA's. There's
an outfit that's doing $49/cert. They've got a comparison/advert site
at http://www.whichssl.com/.
Another alternative is to setup your own CA and tell your
browser to trust it. I did this once aeons ago with the Netscape
Certificate Manager software and seem to recall it wasn't too much of
a hassle. Basically you had to setup apache to send a certain content
type for the CA keyfile and then Netscape would pop up a `Are you
really certain you want to accept keys signed by this bozo?' dialog.
Check the mozilla docs, and maybe the docs for the commercial Netscape
CA package.
--
Fletch | "If you find my answers frightening, __`'/|
fletch at phydeaux.org | Vincent, you should cease askin' \ o.O'
770 933-0600 x211(w) | scary questions." -- Jules =(___)=
770 294-0820 (m) | U
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list