On Mon, Aug 5, 2013 at 1:26 PM, ming <[email protected]> wrote: > Hi Ben, > Thank you for the reply. i've a few questions about your reply: > > >> When you pass a CA certificate/chain with the 'ca' option, node.js >> won't load any root certificates, just the certificate/chain that you >> specified. > > Why do i need to add the cert of the well known CA (say VeriSign) that signs > my server's cert? When clients (real humans or applications) visit my > site say via HTTPS or SPDY at > https://foo.bar.com/.... > it's the responsibility of the client's browser or application to know of > the well known CA's cert for the SSL/TLS handshake, right? > > My private CA is only responsible for the client-side cert authentication > since the cert for my server, namely foo.bar.com, is no longer signed by my > private CA. Am i missing some detail here?
Sorry, I must have misunderstood that part. If you're only using the CA for client certificate verification, then yes, changing the server's key and certificate to something signed by a well-known CA is no problem. -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
