[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


From: Doug Kaufman
Subject: Re: lynx-dev FORCE_SSL_PROMPT:NO
Date: Fri, 25 Jul 2003 20:03:00 -0700 (PDT)

On Fri, 25 Jul 2003, Stef Caunter wrote:

> Thanks. Fixed. I'll be offline for a day and a half.

> ... 
> When you would like to trust a self-signed (non-commercial) certificate you 
> will
> need to get hold of the actual file. If it's a cert local to your network you
> can ask the sysadmin to make it available for download as a link on a webpage.

I am not sure how much information that isn't specific to lynx belongs
in a file like this. This part of the file would be a reasonable place
to mention how you can get the server certificate using the s_client
mode of openssl. To get the certificate from the site "whatever.invalid",
assuming a standard https connection to port 443, you can do 
"openssl s_client -connect whatever.invalid:443 |tee certfile",
then type "QUIT" followed by a carriage return; or do 
"echo QUIT | openssl s_client -connect whatever.invalid:443 > certfile"

Then just edit the file "certfile" to get rid of the material around the
server certificate. This should eliminate the need to ask administrators
to make the file available as a link.
Doug Kaufman
Internet: address@hidden

; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]