On 7/6/2011 11:24 AM, Merrill Oveson wrote: > A user got this error: > > Error validating server certficate for https://www.ourserver.com:443: > Unknown certificate issuer. > Fingerprint: XX:XX:XX....... This fingerprint is the same style of fingerprint you might find in an ssh key when you accept it for the first time. It's just a loose hash of the key, so you can see if it's way off from what you're expecting. Think of it like an md5 hash of a file. > Distinguished name:<numbers>, > http://certificates.godaddy.com/repository, GoDaddy.com > > Then there's "Accept permanently" "Accept once" "Reject" > > If the user clicks "Accept permanently" everything works and no more warning." > > What does this mean exactly? Is the fingerprint stored somewhere on the > server? > The fingerprint is generated, I believe, by the client, off the key. I'm guessing there. However, the accept permanently is really just saying "Look, I trust this server, even though you can't authenticate their certificate with an authority we trust. Just remember that I trust this cert forever." Then it never bothers you until the cert/key changes.
-Tod Hansmann /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */