On Wed, May 26, 1999, Travers wrote:
> I've recently intalled Apache 1.3.6 with mod_ssl 2.2.8. I'm not
> interested in getting a CA certificate from one of the established CA's
> (well, not unless it's free), so I'm using the recommended tagcert
> application that comes with mod_ssl to enable 128 bit encryption. In
> any case, since I'm not a bank or anything, the established CA's
> wouldn't grant me with Global Server ID even if I paid.
>
> Problem is that this only patches the certificate when it is already in
> the client browser's certificate database. So, for clients to use 128
> bit encryption, they either have to use the Fortify patch or the tagcert
> application. Neither of these solutions is very "clean". Is it
> possible to tag the Global Server ID field of the CA certificate BEFORE
> the certificate is imported into a particular browser's certificate
> database? This would make life so much simpler.
Sure, but then the whole efforts Netscape and Versign made would be useless,
of course. So, no, I don't think there will be a trick to tag the stuff
before importing it...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]