Re: How to configure apache-ssl to offer the Cert to install?

To: debian-isp@lists.debian.org
Subject: Re: How to configure apache-ssl to offer the Cert to install?
From: Marcin Sochacki <wanted@gnu.univ.gda.pl>
Date: Mon, 14 Sep 2009 20:53:46 +0200
Message-id: <20090914185346.GB24149@gnu.univ.gda.pl>
Mail-followup-to: debian-isp@lists.debian.org
In-reply-to: <20090911120156.GE6597@tamay-dogan.net>
References: <20090911091157.GD6597@tamay-dogan.net> <20090911114431.0a575cd4@benjamin.focusmr.co.at> <20090911120156.GE6597@tamay-dogan.net>

On Fri, Sep 11, 2009 at 02:01:56PM +0200, Michelle Konzack wrote:
> Where is the difference between THIS and Verisign or others.
> 
> The certs look EXACTLY the same...

I doubt, your cert is not signed by one of the "trusted" authorities,
which have their root certs built into major browsers.

You would need to convince all your customers to trust your CA and
install your CA's root cert in their browsers. It is possible, but very
very hard to do in real world due to customers' lack of knowledge and
opposition against anything new.

If you want to try anyway, you could post a link to your CA cert file
somewhere on your main webpage and with appropriate MIME type. When a
user clicks the link he/she would be presented with an option to install
the cert into the browser. It requires some manual action and it's
unavoidable, otherwise the whole concept of https trust model would be
broken, if websites could easily install their certs without user's
action.

> > I suggest getting certificates from trusted CA-authorities (Geotrust,
> > Verisign, Thawte, Godaddy, etc). You also may be interested in wildcard
> > domain certificates, if you have a lot of subdomains.
> 
> NEVER!  --  My three Certs where falsified to DOS my network because the
> "Neda" problem with Iran!!!!!!!!!!!!!!!!!

I don't get it, as others have pointed in the thread. What does DoS and
shutting down backbone links have to do with cert falsification (or
maybe you mean revocation?)? It's not related IMO.

> -- 
> Linux-User #280138 with the Linux Counter, http://counter.li.org/
> ##################### Debian GNU/Linux Consultant #####################
> <http://www.tamay-dogan.net/>                 Michelle Konzack
> <http://www.can4linux.org/>                   Apt. 917
> <http://www.flexray4linux.org/>               50, rue de Soultz
> Jabber linux4michelle@jabber.ccc.de           67100 Strabourg/France
> IRC    #Debian (irc.icq.com)                  Tel. DE: +49 177 9351947
> ICQ    #328449886                             Tel. FR: +33  6  61925193

-- 
+---------------------------------------+
|  -o)  http://wanted.eu.org/
|  /\\  Message void if penguin violated
+ _\_V  Don't mess with the penguin

Reply to:

References:
- How to configure apache-ssl to offer the Cert to install?
  - From: Michelle Konzack <linux4michelle@tamay-dogan.net>
- Re: How to configure apache-ssl to offer the Cert to install?
  - From: Benjamin Hackl <benjamin.hackl@focusmr.com>
- Re: How to configure apache-ssl to offer the Cert to install?
  - From: Michelle Konzack <linux4michelle@tamay-dogan.net>

Prev by Date: Newsletter vrs Spam
Next by Date: Re: Newsletter vrs Spam
Previous by thread: Re: How to configure apache-ssl to offer the Cert to install?
Next by thread: Re: [SPAM] How to configure apache-ssl to offer the Cert to install?
Index(es):
- Date
- Thread