[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Using self signed certificates to secure admin pages.
- Subject: Re: [cobalt-security] Using self signed certificates to secure admin pages.
- From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 22 Feb 2002 22:44:00 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Friday 22 February 2002 08:53 pm, duncan gray wrote:
> Ok, you guys I guess are getting sick of this so ill
> try and be brief, I discoverd its very easy to enable
> ssl on your server e.g. site setting turn on ssl, then
> go to the ssl certificate page, fill in the details
> and create your self signed certificate.. Now the
> question is when i type in
> https://www.myserver.com/admin
> (after saying yes i accept this dodgy certificate)
> it gives me the admin page login, I put my details in,
> but once the I click ok I notice that the admin pages
> have defaulted back to http:// instead of https://
This is not normal. it should stay in https
What browser are you using, and have you tried it with different browsers?
> I dont think that this is that important as long at
> the main login bit was done using the encryption, but
> my question is .. is it? or is a redirect or something
> going on first which is redirecting it to the login
> bit with out the encryption.
The answer is how does one actually find out?, unless you have a sniffer.
As a SWAG the login is encrypted.
--
Gerald Waugh