Thanks for the suggestion, but I've already tried that, more or less....
My web server config already has that mime type configured, and the client is capable of recognizing the properly served filetype. I've tried installing certificates through IE's wizard automatically in such a way... as well as manually in it and other browsers (downloading certificate and importing). My primary skills are those of a webmaster (using that word should tell how long I've been in that game! <grin>), so I am aware of how much the browsers vary in doing things... which is why I tried every way of installing in every browser I have. I agree with you about the latest versions of MSIE and that stupid wizard they now use!

I'm pretty sure it's something in my generating keys, rather than client issues.


John R Pierce wrote:
 On 09/22/10 11:57 AM, Chris Rider wrote:
We have a client/server architecture based product that needs to allow SSL communication between our server (CentOS) and various clients' web browsers (and additionally, other devices, but that's beyond the scope of this post).

We've been able to get SSL working in both of two different ways (self-signed certificate & self-signed CA with certificates signed by that) -- so that is not the issue. Rather, our whole issue is that we don't want the end-users to be confronted with a big scary browser message that says something akin to "There's a Problem With Security! / Allow Exception, etc." If they must install a certificate or two, that would be acceptable, though. So I thought that creating my own CA to sign certificates with would be a solution.... apparently not. I'm now getting browser messages that say the certificate's issuer is not trusted!!! Very frustrating.

take your self-signed CA public certificate, name it something.cer, and place it on a web server, making sure the webserver understands that .cer is mime type application/x-x509-ca-cert

give your clients the link to that .CER ... they have to accept it and add it to their trusted root certificate storage, the specifics of doing this vary by web browser (current versions of MSIE have made this harder than it should be)


once that .cer is installed in the browser's trusted root authorities, then anything signed by that CA will be accepted.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
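
One way to check the key-generation side of the setup discussed in this thread before involving any browser, as an added example that is not from the thread or the OpenSSL project: it builds a throwaway CA and server certificate with the openssl CLI, then tests that the CA file is marked as a CA and that the server certificate verifies against it. The subjects, file names and helper function names are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Subjects and file names are constructed.

make_chain() {  # $1 = existing directory to write the CA and server files into
    d=$1
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[srv]
basicConstraints = CA:FALSE
subjectAltName = DNS:server.example.test
EOF
    # Self-signed root; the v3_ca section marks it as a CA certificate.
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
        -keyout "$d/ca.key" -out "$d/ca.cer" 2>/dev/null || return 1
    # Server key and CSR; -subj overrides the CA name from the config file.
    openssl req -new -config "$d/ca.cnf" -subj "/CN=server.example.test" \
        -newkey rsa:2048 -nodes -keyout "$d/server.key" \
        -out "$d/server.csr" 2>/dev/null || return 1
    # Sign the CSR with the CA key, adding the end-entity extensions.
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.cer" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -extfile "$d/ca.cnf" -extensions srv \
        -out "$d/server.crt" 2>/dev/null
}

is_ca() {  # $1 = certificate file; succeeds only if basicConstraints says CA:TRUE
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

chain_ok() {  # $1 = CA file the client would install, $2 = server certificate
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

# Demo run in a temporary directory.
demo=$(mktemp -d)
make_chain "$demo" && is_ca "$demo/ca.cer" \
    && chain_ok "$demo/ca.cer" "$demo/server.crt" \
    && echo "server.crt verifies against ca.cer"
rm -rf "$demo"
```

If `chain_ok` fails for the file handed to clients, the .cer is not the certificate whose key signed the server certificate. A CA regenerated under the same subject name has a different key and fails the same way.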

