From owner-freebsd-questions@FreeBSD.ORG  Sat Jul 12 23:34:50 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 870B437B401
	for <freebsd-questions@freebsd.org>;
	Sat, 12 Jul 2003 23:34:50 -0700 (PDT)
Received: from typhoon.enabled.com (typhoon.enabled.com [216.218.220.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1DFE143FB1
	for <freebsd-questions@freebsd.org>;
	Sat, 12 Jul 2003 23:34:50 -0700 (PDT)
	(envelope-from admin2@enabled.com)
Received: from enabled.com (localhost.enabled.com [127.0.0.1])
	by typhoon.enabled.com (8.12.9/8.12.9) with ESMTP id h6D6YkaU011031;
	Sat, 12 Jul 2003 23:34:46 -0700 (PDT)
	(envelope-from admin2@enabled.com)
From: "admin" <admin2@enabled.com>
To: Augusto Jun Devegili <freebsd@devegili.org>,
	admin <admin2@enabled.com>, freebsd-questions@freebsd.org
Message-Id: <20030713061434.M56305@enabled.com>
In-Reply-To: <3F10EAAC.1010209@devegili.org>
References: <20030713030742.M58442@enabled.com>
	<3F10EAAC.1010209@devegili.org>
X-Mailer: Open WebMail 2.01 20030425
X-OriginatingIP: 131.161.240.131 (admin2)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Subject: Re: SSL certificates and IE
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
Date: Sun, 13 Jul 2003 06:34:50 -0000
X-Original-Date: Sat, 12 Jul 2003 22:34:46 -0800
X-List-Received-Date: Sun, 13 Jul 2003 06:34:50 -0000

On Sun, 13 Jul 2003 02:14:20 -0300, Augusto Jun Devegili wrote
> Considering you won't buy a certificate from a trusted CA, you might 
> tell your users to install your CA certificate or your Web server 
> certificate by providing a link to these certificates: IE will 
> download them, ask the user if he/she trust them and put them in the 
> trusted certificate store.
> 
> Alternatively, when a user connects to an SSL Web server and IE 
> doesn't trust the certificate, there's an option in the dialog box 
> which allows for the certificate installation in the trusted 
> certificate store.
> 
> Anyway, you won't be able to change your certificate so that your 
> users access your SSL Web server without some sort of warning... 
> unless you buy a certificate from some (IE) trusted CA, such as Verisign.



Thanks for the advice - I understand a lot more now.  How can I find out who
all the trusted CA companies are?

- Noah


> 
> admin wrote:
> > OS: FreeBSD 4.8
> > mod_ssl 2.8.14
> > apache 1.3.27
> > 
> > 
> > ---
> > 
> > I am now servering a certificate to web connections. 
> > Internet Explorer complains of the certificate not being issued by a trusted
> > company.
> > 
> > I am the CA for the certificate.  What are ways I can modify the certificate
> > so IE does not complain about this anymore?
> > 
> > - Noah