Note that Microsoft changed in IE7 the method of adding a self-signed root CA into the browser store, your users will need to be familiar with the new procedure if they are running this.
Ted > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of ProgrammerMP > Sent: Thursday, November 29, 2007 1:12 PM > To: openssl-users@openssl.org > Subject: RE: Problems with Website's Security Certificate > > > > I got it working. I no longer get the error about the certificate being > setup for a different web site. I started from scratch and made sure I > followed all the steps correctly. I am not sure what I had wrong, but I > believe I was either pointing to a bad certificate; forgot to > link Apache to > a good certificate; or forgot to restart Apache. > > Yes, I was referring to the contents of Common Name. I will try > and be more > specific in the future. > > As far as the free 3rd party signing my certificate, I understand your > point. So, I'll have just have to have my users set up there web > browser to > trust the certificate I email to them. > > Thanks to all for your help. Much appreciated. > > > > David Schwartz wrote: > > > > > >> I setup my certificate for 10.x.x.x and when I try and access > the site, i > >> use https://10.x.x.x and I get the error about the certificate being > >> setup > >> for a different web site. I've read up on this and the example > >> they usually > >> use is make sure you use www.foobar.com and not just foobar.com. I am > >> assuming if I setup my certificate for <address> then https://<address> > >> should work. Is this assumption correct? > > > > Yes. What precisely do you mean by "setup my certificate for"? Are you > > talking about the contents of the CommonName field or SubjectAltName or > > what? > > > >> As far as the 3rd party goes, I'll have to do some research. I > >> am trying to > >> use all open src tools and free stuff. Are they any CA's that > >> are free and > >> trusted by most web browser? > > > > I don't think it would be possible to be both free and obtain trust from > > browsers like IE. I remember something called a "web of trust" that was > > pretty close to free. Being trusted requires putting up cash (to > > compensate for people who trust you and are harmed by your > mistakes), and > > putting up cash usually requires charging cash. > > > > DS > > > > > > ______________________________________________________________________ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List openssl-users@openssl.org > > Automated List Manager [EMAIL PROTECTED] > > > > > > -- > View this message in context: http://www.nabble.com/Problems-with-Website%27s-Security-Certificate-tf48781 24.html#a14035090 Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
