I'm coming back to this thread because we finnaly put our secure server
into production (self-signed). I'd like to use the suggestions below to
get rid of the annoying "Unknown certificate" browser messages. (And
hopefully it will work at all with IE 3).
But the syntax to openssl has changed from ssleay, and the docs don't
help. How do I generate the DER format file from my ca.crt with openssl?
Alfredo Raul Pena wrote:
>
> Steffen Dettmer wrote:
>
> > > certificate expires, IE 3 disallows access altogether. Anyway I can hack
> > > the Registry or something like that so IE3/4/5 users can go to my site?
> > > Like, adding my phony CA to IE's list of CAs?
> > >
> > > By the way, is there such hack to Netscape too?
> >
> > take a .htaccess and include the following line:
> > AddType application/x-x509-ca-cert .cacert
> >
> > Then convert your ca-cert into "der" Format (via "ssleay -in
> > <cacert.pem-or-whatever> -out <My-Own-CA.cacert> -outform der")
> > (or was is "-infile" ? - no ssleay here ;) )
> >
> > Then upload this file to the dir with .htaccess and it should work at
> > least with Netscape 3/4 (and I think IE 4 too)
>
> You can also take the "der format" certificate file and rename it
> "something.crt". You can then place it in a floppy, doubleclick on it in
> Windows 95/98/NT and voila!!
--
___THE___ "Commercial OS vendors are, at the moment, all closed
\ \ / / economies, and doomed to fall in their competition with
\ V / open economies just as communism eventually fell."
\ / -- H. Reiser, Unix OS developer
/ \ _____________________________________________________
/ ^ \ | Juan Carlos Castro y Castro - [EMAIL PROTECTED] |
/ / \ \ | Diretor de Informática e Eventos Sobrenaturais da |
~~~ ~~~ | E-RACE CORPORATION |
RACER -----------------------------------------------------
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
