> I expect that'd do it; you'll still need to install the CA certificate > in browsers, though. I have a similar setup, but with a CA cert > generated in-house. No you don't. The server hands out both certificates during the connection process. It just works ;-)
> I then install the ca cert into clients who need access. To be specific, > I generate a client SSL certificate for them that also contains an > embedded version of our CA cert. That way they import the CA cert when > they install the client cert; I then just get them to authorize the CA > cert for identifying remote hosts. In your case it sounds like you aren't using a certificate signed by any known authority. He is - he's just using one signed by someone who was signed by a known authority. Nothing needs to be installed in the browser. -- Joe Rhett Chief Geek [EMAIL PROTECTED] Isite Services, Inc.