Addressed to: [EMAIL PROTECTED]
Ashwin Kutty <[EMAIL PROTECTED]>
** Reply to note from Ashwin Kutty <[EMAIL PROTECTED]> Sun, 09 Apr 2000 13:11:41
-0300
>
> Hi,
>
> I guess I have the same question, which is, if you create your own
> certificate, why do you have to first accept it on the clients
> browser, why is it not accepted to begin with, or is it because the
> certificate is created by me?
>
Netscape & Microsoft have chosen to accept certificates signed by
Verisign, Thawte, and a few others as valid. They ship certificates
with the browser that allow it to accept certificates signed by those
CAs.
When it receives a certificate from a server it checks its list of
authorized signers and accepts the certificate if it finds one. If it
does not you get the series of dialogs about the certificate. If you
accept the certificate forever it won't bug you again till the
certificate expires.
In Netscape 4.x
> I guess my question would be, could we shut the feature off where the
> client browser pops up a box asking for the client to accept the
> certificate and make it so that the page is secure automatically
> without any user intervention?
For web browsers within your orginization, yes, you can add your CA
certicicate to the list of acceptable CAs. I haven't done it, but I
understand all you have to do is put the CA certificate on the web,
point the browser at it, and accept it in the following dialog(s).
For just anyone around the world, sorry. You have two choices. Buy a
certificate from one of the CAs listed in
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
