Hello All,
I have a question regarding the use of certificates in IE 5+ and Netscape
4.7+. We have written a small customised SSL web server using OpenSSL,
etc... This web server is only to be made available to employees of the
customer company, using SSL to secure the link and a login mechanism to
validate users.
Up until now we have always tested it using a self-signed cert/key pair, but
soon we will be installing it in several customer sites which leads us to
the question:
Can we apply for a certificate from a CA and us it to sign the certificates
for our customers, ie. can we chain the certificates in a hierarchical
manner?
If we couldn't do this, what would be the issues to consider about issuing
certificates to our customers signed only by us, bearing in mind that the
trust issue is simpler for us as all parties already have a stronger trust
by being collegues etc... I understand that the browser will bitch a bit
about untrusted certificates but that they can be accepted/trusted after the
first use.
I would also assume that the certificates of the CA's have been hard-wired
into their EXE's so that installing our certificate into the browser a new
CA is impossible? I'm guessing on this one.
Any light-shedding would be appreciated,
TIA,
Stephen.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
