Re: Cert signed by own CA and IE

2001-05-20 Thread Arcady Genkin

"Andrea Cerrito" <[EMAIL PROTECTED]> writes:

> > > > Connecting to a secure site with a certificate signed by own CA, IE
> > > > seems to provide no obvious way of permanently adding the cert to the
> > > > browser's configuration.  As a result, a warning that "The security
> > > > certificate is issued by a company you have not chosen to trust..." is
> > > > displayed every time I'm trying to establish a connection.  Is there a
> > > > fool-proof way to permanently add a certificate or tell IE that the CA
> > > > is to be trusted?
> > >
> > > Show Certificate / Install Certificate.
> >
> > I tried that, and it didn't work.  It told me that the certificate was
> > installed successfully, but once I quit IE, restart it, and load the
> > page again, it displays the same warning again.
> >
> > The minimal html page I'm experimenting with is at https://www.thpoon.com
> > If anyone would try to install the certificate from it in IE: maybe I
> > did something wrong with configuration?
> 
> I wasn't able to install it.
> Can u print your conf?

You mean from httpd.conf?  Since it's huge, I've posted it at

  http://www.thpoon.com/tmp/httpd.conf

The SSL-related stuff is at the bottom of it.

Thanks!
-- 
Arcady Genkin
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: List configuration (posting from a different email)

2001-05-18 Thread Arcady Genkin

Rich Salz <[EMAIL PROTECTED]> writes:

> > Posts to the list from an email address different from the one
> > I'm subscribed to are silently dropped
> 
> It is a deliberate anti-spam feature.

That much I figured out.  Leaving out the discussion of the
questionability of such a measure, I think that a bounce should be sent
if a post is not accepted.
-- 
Arcady Genkin



Re: R: Cert signed by own CA and IE

2001-05-18 Thread Arcady Genkin

Paul-Catalin Oros <[EMAIL PROTECTED]> writes:

> Have you solved your problem? I was able to install your
> Certificate, after I installed your self-signed CA certificate. Is
> it possible this to be the missing step in your testing? The CA cert
> has to be added to your root auth., then you'll be able to install
> the actual server certificate.

Yes, it seems that I have solved the problem by pointing
SSLCertificateChainFile to my ca.crt, with off-list help from another
list member.  It now works fine.

In my opinion the easiest way of configuring IE to access sites with
certificates signed by own CAs is to put the CA's certificate in a URL
and let the users click on it: the browser will pop up a dialogue to
install a new root authority cert, and after that all is done.

Thanks,
-- 
Arcady Genkin
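The distinction this message arrives at, trusting the CA certificate rather than the server certificate, can be reproduced offline with the openssl command line. This is an added example, not part of the original post: the CA name, host name, file names and helper functions are constructed for the demo, and ca.crt here plays the role of the file that SSLCertificateChainFile was pointed at.

```shell
#!/bin/sh
# Added example; the CA name, host name and file names are constructed.

# Build a throwaway CA and a server certificate signed by it in directory $1.
build_demo_pki() {
    dir=$1
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Lab CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Self-signed CA certificate: the file clients must install as a root.
    openssl req -x509 -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" -days 30 2>/dev/null || return 1
    # Server key and CSR, then the server certificate issued by the CA.
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
        -subj "/CN=www.example.test" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/server.crt" -days 30 2>/dev/null
}

# Succeeds only if certificate $2 chains to the trust anchor file $1.
verifies_against() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Succeeds if certificate $2 names the subject of certificate $1 as its issuer,
# i.e. $1 is the file to publish as the root and to use as the chain file.
issued_by() {
    [ "$(openssl x509 -noout -subject_hash -in "$1")" = \
      "$(openssl x509 -noout -issuer_hash -in "$2")" ]
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
build_demo_pki "$demo"
verifies_against "$demo/ca.crt" "$demo/server.crt" && echo "CA as anchor: verifies"
verifies_against "$demo/server.crt" "$demo/server.crt" || echo "server cert as anchor: fails"
issued_by "$demo/ca.crt" "$demo/server.crt" && echo "ca.crt is the issuer of server.crt"
```

With OpenSSL's default verification settings the server certificate alone is not accepted as a trust anchor, so only the run that uses ca.crt as the anchor verifies.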



List configuration (posting from a different email)

2001-05-18 Thread Arcady Genkin

This may have already been discussed, but I didn't find it in the
archives.  Posts to the list from an email address different from the one
I'm subscribed to are silently dropped: they are not allowed through,
neither are they bounced.  I find this behaviour a bit frustrating: at
first I have to be always mindful whether I post from work or from
home, and adjust my From line accordingly; secondly if I make a
mistake by forgetting to adjust my From line, I have no means of
knowing it other than my message not appearing in the list.

Is this intentional or a misconfiguration?

Thanks,
-- 
Arcady Genkin



Re: R: Cert signed by own CA and IE

2001-05-16 Thread Arcady Genkin

"Andrea Cerrito" <[EMAIL PROTECTED]> writes:

> > > > Connecting to a secure site with a certificate signed by own CA, IE
> > > > seems to provide no obvious way of permanently adding the cert to the
> > > > browser's configuration.  As a result, a warning that "The security
> > > > certificate is issued by a company you have not chosen to trust..." is
> > > > displayed every time I'm trying to establish a connection.  Is there a
> > > > fool-proof way to permanently add a certificate or tell IE that the CA
> > > > is to be trusted?
> > >
> > > Show Certificate / Install Certificate.
> >
> > I tried that, and it didn't work.  It told me that the certificate was
> > installed successfully, but once I quit IE, restart it, and load the
> > page again, it displays the same warning again.
> >
> > The minimal html page I'm experimenting with is at https://www.thpoon.com
> > If anyone would try to install the certificate from it in IE: maybe I
> > did something wrong with configuration?
> 
> I wasn't able to install it.  Can u print your conf?

You mean from httpd.conf?  Since it's huge, I've posted it at

  http://www.thpoon.com/tmp/httpd.conf

rather than sending to the list.  The SSL-related stuff is at the
bottom of it.

Thanks!

p.s.  This is a repost, since I have replied from a different email
address than the one I've subscribed from and I'm afraid that it
didn't come through.  Sorry if this is a dupe.
-- 
Arcady Genkin



Re: Cert signed by own CA and IE

2001-05-16 Thread Arcady Genkin

"Andrea Cerrito" <[EMAIL PROTECTED]> writes:

> > Connecting to a secure site with a certificate signed by own CA, IE
> > seems to provide no obvious way of permanently adding the cert to the
> > browser's configuration.  As a result, a warning that "The security
> > certificate is issued by a company you have not chosen to trust..." is
> > displayed every time I'm trying to establish a connection.  Is there a
> > fool-proof way to permanently add a certificate or tell IE that the CA
> > is to be trusted?
> > 
> > Any pointers highly appreciated,
>
> Show Certificate / Install Certificate.

I tried that, and it didn't work.  It told me that the certificate was
installed successfully, but once I quit IE, restart it, and load the
page again, it displays the same warning again.

The minimal html page I'm experimenting with is at https://www.thpoon.com
If anyone would try to install the certificate from it in IE: maybe I
did something wrong with configuration?

Many thanks,
-- 
Arcady Genkin



Cert signed by own CA and IE

2001-05-16 Thread Arcady Genkin

Connecting to a secure site with a certificate signed by own CA, IE
seems to provide no obvious way of permanently adding the cert to the
browser's configuration.  As a result, a warning that "The security
certificate is issued by a company you have not chosen to trust..." is
displayed every time I'm trying to establish a connection.  Is there a
fool-proof way to permanently add a certificate or tell IE that the CA
is to be trusted?

Any pointers highly appreciated,
-- 
Arcady Genkin



Being one's own CA for a University computer lab

2001-05-15 Thread Arcady Genkin

The documentation states that being one's own CA is insecure in the
Internet environment, while it is acceptable on the intra-net.  Could
anyone explain the issues implied by that statement?

Also, to what extent is the user inconvenienced by an SSL site using
a certificate signed by a non-well-known authority?  Are the browsers
cooperative when it comes to adding such an authority to the list of
known CAs?

We are planning on setting up a secure site for a university's
computer lab for the instructors and students to use.  So, the context
is a non-commercial environment where the users can trust us to provide
valid certificates.  They'll be connecting both via the local network
and the Internet, though, and we'd like to know what we are risking by
going the way of being our own CA.

Many thanks in advance,
--
Arcady Genkin