From owner-freebsd-questions@FreeBSD.ORG  Sat Jul 12 22:14:52 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 848FD37B401
	for <freebsd-questions@freebsd.org>;
	Sat, 12 Jul 2003 22:14:52 -0700 (PDT)
Received: from hm61.locaweb.com.br (hm61.locaweb.com.br [200.213.197.161])
	by mx1.FreeBSD.org (Postfix) with SMTP id EB40143F93
	for <freebsd-questions@freebsd.org>;
	Sat, 12 Jul 2003 22:14:50 -0700 (PDT)
	(envelope-from freebsd@devegili.org)
Received: (qmail 12470 invoked from network); 13 Jul 2003 05:13:31 -0000
Received: from hm20.locaweb.com.br (200.246.179.120)
  by hm61.locaweb.com.br with QMTP; 13 Jul 2003 05:13:31 -0000
Received: (qmail 6420 invoked from network); 13 Jul 2003 05:14:52 -0000
Received: from unknown (HELO devegili.org)
	(augusto@devegili.org@200.158.0.155)
	by hm20.locaweb.com.br with SMTP; 13 Jul 2003 05:14:52 -0000
Message-ID: <3F10EAAC.1010209@devegili.org>
Date: Sun, 13 Jul 2003 02:14:20 -0300
From: Augusto Jun Devegili <freebsd@devegili.org>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.1) Gecko/20030104
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: admin <admin2@enabled.com>, freebsd-questions@freebsd.org
References: <20030713030742.M58442@enabled.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: SSL certificates and IE
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Jul 2003 05:14:52 -0000

Considering you won't buy a certificate from a trusted CA, you might 
tell your users to install your CA certificate or your Web server 
certificate by providing a link to these certificates: IE will download 
them, ask the user if he/she trust them and put them in the trusted 
certificate store.

Alternatively, when a user connects to an SSL Web server and IE doesn't 
trust the certificate, there's an option in the dialog box which allows 
for the certificate installation in the trusted certificate store.

Anyway, you won't be able to change your certificate so that your users 
access your SSL Web server without some sort of warning... unless you 
buy a certificate from some (IE) trusted CA, such as Verisign.

admin wrote:
> OS: FreeBSD 4.8
> mod_ssl 2.8.14
> apache 1.3.27
> 
> 
> ---
> 
> I am now servering a certificate to web connections. 
> Internet Explorer complains of the certificate not being issued by a trusted
> company.
> 
> I am the CA for the certificate.  What are ways I can modify the certificate
> so IE does not complain about this anymore?
> 
> - Noah