[ale] OpenSSL Cert Quesiton

Fletch fletch at phydeaux.org
Wed Oct 9 09:46:01 EDT 2002


>>>>> "James" == James P Kinney, <James> writes:

    James> In order to have the error message "go away", you need to
    James> have your certs "signed" by a group like Thawte or
    James> Verisign. It's not $0 (free) and they expire.

    James> You can "sel-sign" but then you must "accept" the
    James> certificates manually in the browser. And you must accept
    James> it for each browser that accesses the https site.

        There was a recent item on slashdot about SSL CA's.  There's
an outfit that's doing $49/cert.  They've got a comparison/advert site
at http://www.whichssl.com/.


        Another alternative is to setup your own CA and tell your
browser to trust it.  I did this once aeons ago with the Netscape
Certificate Manager software and seem to recall it wasn't too much of
a hassle.  Basically you had to setup apache to send a certain content
type for the CA keyfile and then Netscape would pop up a `Are you
really certain you want to accept keys signed by this bozo?' dialog.
Check the mozilla docs, and maybe the docs for the commercial Netscape
CA package.


-- 
Fletch                | "If you find my answers frightening,       __`'/|
fletch at phydeaux.org   |  Vincent, you should cease askin'          \ o.O'
770 933-0600 x211(w)  |  scary questions." -- Jules                =(___)=
770 294-0820 (m)      |                                               U

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list