From owner-freebsd-questions Wed Sep 19 11:24:31 2001 Delivered-To: freebsd-questions@freebsd.org Received: from teak.adhesivemedia.com (teak.adhesivemedia.com [207.202.159.79]) by hub.freebsd.org (Postfix) with ESMTP id 18F2637B408 for ; Wed, 19 Sep 2001 11:24:25 -0700 (PDT) Received: from localhost (philip@localhost) by teak.adhesivemedia.com (8.11.6/8.11.6) with ESMTP id f8JIOOW44706; Wed, 19 Sep 2001 11:24:24 -0700 (PDT) (envelope-from philip@adhesivemedia.com) Date: Wed, 19 Sep 2001 11:24:24 -0700 (PDT) From: Philip Hallstrom To: Todd Reed Cc: Subject: Re: Signing SSL Certificates In-Reply-To: Message-ID: <20010919112153.D44556-100000@teak.adhesivemedia.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG True, but if it's for a known number of clients (or you just don't care) you can do it. Read the docs that come with modssl.. there is a step-by-step in there on creating your own certificate and signing it. To avoid getting the popup each time you need to add the following to your config: SSLCertificateChainFile /path/to/your/ca.cert Then when you do get the popup, "install" or "import" both certificates (you have to dig in the dialog to get to the second one). Although no matter what you do this won't work on IE for the mac which will popup a message *every* time they click a link... -philip On Wed, 19 Sep 2001, Stephen Hovey wrote: > > the browsers come with preconfig'd acceptable cert authorities - which > isnt you - so while it will make the SSL connection, the end user will get > that pop up. > > On Wed, 19 Sep 2001, Todd Reed wrote: > > > Does anyone using SSL sign their own certificates without using Verisign or > > another company? I've got my HTTPS server up and running fine, but it will > > give a message when entering the site from a browser: > > > > Yellow !: The security certificate was issued by a company you have not > > chosen to trust. View the ertificate to determine whether you want to trust > > the certifying authority > > > > Green Check: The Security certificate date is valid > > > > Yellow !: The name on te security certificate is invalid or does not match > > the name of the site. > > > > I've read where I need to setup a signing CA. I've read through the MODSSL > > documentation, but I still can't get it. Are there other recomendations or > > anyone know of any other info that may help? > > > > --Todd > > > > _________________________________________________________________ > > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-questions" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message