[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev Patch for SSL warning

From: Clemens Fischer
Subject: Re: lynx-dev Patch for SSL warning
Date: 21 Nov 2002 14:21:50 +0100
User-agent: Gnus/5.090008 (Oort Gnus v0.08) Emacs/21.2 (i386--freebsd)

David Woolley <address@hidden>:

> Self signing the server certificate is not very sensible, but that
> would be the one to install if it is self signed.  A more sensible
> approach would be for them to create a self signed (i.e. root
> certificate) for the whole organisation, and use that to sign the
> server certificates.

this is definitely good advice.  i wonder why they didn't bother.
could the original poster "walk down the hall" to where the servers
are situated and propose this more clean solution?  it is not in any
way [much] more complicated than making a single, self-signed cert in
the first place, but everybody using these certs would benefit, more
so in case false certificates are introduced.

suddenly, the browsers warning before using self-signed certificates
would start to make sense, and it would be the users own
responsibility to deny them, and he would do the right thing, even!

btw:  does somebody have a good URL for making and using local CA
certificates?  it would have to feature relevant sections of a
modified openssl.cnf to make sense, because entries in this
configuration file don't have to be specified over and over again in
interactive use of the openssl(1) utility.  beware that this file may
have other names, too, ie. this name isn't hardcoded.


; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]