[thelist] Homegrown SSL

Ken Schaefer ken at adOpenStatic.com
Wed Mar 24 18:18:58 CST 2004


It's only "irrelevant" because you don't understand how the certificate
trust hierarchy works. You need to import the certificate of the issuing CA
(Certificate Authority). Then your browser will trust certificates issued by
that CA.

The whole point of certificates is to verify that someone (or something) is
who they say they are.

1) You say you are "x"
2) You have a certificate from "y" saying you are "x"
3) I trust "y"
4) The certificate that "y" gave you has not been altered, revoked, or
expired
5) I believe that you are "x"

Browsers have a number of root certificates pre-installed. These are the "y"
people in step 3, that are trusted. If you want to add additional trusted
CAs, then you need to import their root certificates. To see what root
certificates you have installed:

In IE, go to Tools -> Internet Options -> Content -> Certificates -> Trusted
Root Certification Authorities tab

In Moz, Edit -> Preferences -> Privacy & Security -> Certificates ->
Authorities

Cheers
Ken

Microsoft MVP - Windows Server (IIS)
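
Steps 3 and 4 of the list above can be reproduced with the openssl command line. This is an added example, not part of the original message; the CA name, the hostname and the temp-directory layout are constructed placeholders.

```shell
#!/bin/sh
# Added illustration. "Homegrown Root CA" and intranet.example.test are
# constructed names; all files live in a throwaway temp directory.
WORK=$(mktemp -d)

# "y": a self-signed root certificate for the homegrown CA.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Homegrown Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# "x": a server key and CSR, then a certificate for it signed by "y".
issue_server_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=intranet.example.test" \
    -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/srv.csr" -days 30 \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/srv.crt" 2>/dev/null
}

# Step 3 not met: only the platform's default roots are consulted.
verify_default_store() {
  openssl verify "$WORK/srv.crt" >/dev/null 2>&1
}

# Step 3 met: the homegrown root is supplied as a trust anchor.
verify_with_ca_imported() {
  openssl verify -CAfile "$WORK/ca.crt" "$WORK/srv.crt" >/dev/null 2>&1
}

# Step 4 not met: same trust anchor, clock moved 90 days past issuance.
verify_after_expiry() {
  openssl verify -CAfile "$WORK/ca.crt" \
    -attime "$(( $(date +%s) + 90 * 86400 ))" "$WORK/srv.crt" >/dev/null 2>&1
}

make_ca && issue_server_cert || { echo "openssl failed" >&2; exit 1; }
for check in verify_default_store verify_with_ca_imported verify_after_expiry; do
  if "$check"; then echo "$check: accepted"; else echo "$check: rejected"; fi
done
```

Only ca.crt is what gets imported into a client's trusted roots; ca.key stays with whoever runs the CA.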

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: "Rob Smith" <rob.smith at THERMON.com>
Subject: RE: [thelist] Homegrown SSL


: Irrelevant. I have tried installation after installation. Because the cert
: is not verified through a valid certificate authority, you WILL get that
: prompt. If someone out there can prevent the prompt with a
: homegrown'er, I am very interested in the solution. We've been facing the
: prompt for about two years now.
:
: -----Original Message-----
: From: david.landy at somerfield.co.uk [mailto:david.landy at somerfield.co.uk]
: Sent: Wednesday, March 24, 2004 8:23 AM
: To: thelist at lists.evolt.org
: Subject: RE: [thelist] Homegrown SSL
:
:
: <snip>
: A small caveat with using your own SSL cert, if you do use it on an https://
: site, it will give you an annoying prompt EVERY ... SINGLE ... TIME warning
: you about a site that is entrusted [Yes] [No] [Cancel].
: </snip>
:
: Unless you choose to install the cert on your machine?
:
: David
:


