[olug] which digital certificate authority?
Brian Wiese
bwiese at cotse.com
Mon Sep 29 20:20:48 UTC 2003
On Mon, 29 Sep 2003 11:17:10 -0500
Sam Tetherow <tetherow at nicusa.com> wrote:
|if you don't want to spend the afternoon to figure out how to do a self
|signed cert for internal stuff then I think the $49/year wouldn't be
|that unreasonable. But really it doesn't take much to do it, check the
|mod_ssl FAQ for the quick and dirty how to (
|http://www.modssl.org/docs/2.8/ssl_faq.html#ToC27 )
There's also a script that comes with mod_ssl, "mod-ssl-makecert.sh" which
will take you though all the prompts and generate the CA and the self
signed cert for you. I found that pretty handy, though I did spend at
least a couple hours playing with it to understand it a little better.
Getting a cert, and understanding the whole process may take you from
20mins to an afternoon.. but I'm sure Neal understands this whole csr,
crt, crl, key stuff is.
as for...
|All you need to do is load the signing cert into the browser's list of
|acceptable CAs to get rid of this message. Under Netscape/Mozilla all
|you need to do is view the .crt file with the browser. I don't
|remember, but I'm pretty sure it atleast asks for confirmation.
|
|To get it loaded under IE (included for compeleteness) you save the .crt
|to disk, then open the file and it should launch the certificate wizard.
Do I need to just make the "server.crt" file available for download for
the clients to install this, or can they usually just say "trust forever"
(not an option in IE?) this cert when the window pops up on the first time
visiting the site?
Brian Wiese | bwiese(at)cotse.com | aim: unolinuxguru
-------------------------------------------------------
GnuPG/PGP key 0x2FD6AF16 | "FREEDOM!" - Braveheart
-------------------------------------------------------
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
More information about the OLUG
mailing list