From: patl@phoenix.volant.org
Date: Wed, 22 Jul 1998 18:02:52 -0700 (PDT)
Reply-To: patl@phoenix.volant.org
Subject: Re: Apache-FP-SSL Port
To: "Scot W. Hetzel"
cc: FreeBSD-ISP
In-Reply-To: <00d601bdb44b$5b7b5c40$c3e0d9cf@westbend.net>

> ...
> The following is untested:
>
> - FrontPage - edit/add/modify FP webs using the secure server
>
> The reason I can't test this is because I don't have a certificate with a
> valid CA.
> When I try to access the secure server with FrontPage I receive the
> following warning:
>
> "FrontPage is unable to establish a secure connection with the server,
> because the server's SSL certificate is either invalid, or issued by an
> untrusted certificate authority"
>
> ...

If FrontPage works anything like SSL-capable browsers, you should be
able to install the CA certificate into the client and set it as a
trusted authority.  Then FrontPage should accept your server's
certificate.

If you are using a self-issued certificate, you can install it into
clients by putting a link in your insecure server.  The link should be
to your self-issued CA certificate in DER form.
(NOTE: It's the CA certificate, not the server certificate.)

The only potentially tricky part is that you need to ensure that the
file will be sent as application/x-x509-ca-cert.  If you have as-is
handling turned on, you can simply call the file something like
'my-CA-cert.der.asis', and make the link use http="my-CA-cert.der".
(As-is handling is turned on by the following line in your server
config:

	AddHandler send-as-is asis
)

The first line of the file should contain the Content-Type: header:

	Content-Type: application/x-x509-ca-cert

The second line should be blank; and the rest of the file is the
binary DER format certificate.

When a client browser clicks on the link, the user will be presented
with an opportunity to accept and add the certificate to their database.

At least that's how it works with Netscape.  With M$ products, your
mileage is very likely to vary...

-Pat
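
The as-is file layout described in the message above, as an added example that is not part of the original post: it builds the file (Content-Type line, blank line, binary DER) from a PEM or DER certificate and checks an existing file for the usual mistakes (wrong type, PEM text served as the body, a body truncated or altered in transfer). The function names are hypothetical, the sample bytes are a constructed stand-in rather than a real certificate, and the check covers only the outer DER framing, not the X.509 contents.

```python
import re
import ssl

# The type the message says the file must be sent as.
CA_CERT_TYPE = "application/x-x509-ca-cert"

def der_total_length(data):
    """Encoded length of the outer DER SEQUENCE, or None if it is not one."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    first = data[1]
    if first < 0x80:                      # short form: length in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        return None
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def build_asis(cert):
    """Return as-is file bytes: Content-Type line, blank line, binary DER."""
    if cert.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        cert = ssl.PEM_cert_to_DER_cert(cert.decode("ascii").strip())
    if der_total_length(cert) != len(cert):
        raise ValueError("not a single complete DER object")
    return b"Content-Type: " + CA_CERT_TYPE.encode() + b"\n\n" + cert

def check_asis(blob):
    """Return a list of problems found in an as-is file (empty if none)."""
    sep = re.search(rb"\r?\n\r?\n", blob)
    if not sep:
        return ["no blank line separating headers from body"]
    headers = blob[:sep.start()].decode("latin-1").splitlines()
    body = blob[sep.end():]
    types = [h.split(":", 1)[1].strip() for h in headers
             if h.lower().startswith("content-type:")]
    problems = []
    if types != [CA_CERT_TYPE]:
        problems.append("Content-Type is %r, expected %s" % (types, CA_CERT_TYPE))
    if body.lstrip().startswith(b"-----BEGIN"):
        problems.append("body is PEM text, not binary DER")
    elif der_total_length(body) != len(body):
        problems.append("body is not one complete DER object")
    return problems

# Constructed stand-in with valid outer DER framing; NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)

if __name__ == "__main__":
    print(check_asis(build_asis(SAMPLE_DER)))
```

Whether the file holds the CA certificate rather than the server certificate still has to be confirmed by inspecting the certificate itself; this check does not parse that far.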