[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Using self signed certificates to secure admin pages.

Subject: Re: [cobalt-security] Using self signed certificates to secure admin pages.
From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 22 Feb 2002 22:44:00 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Friday 22 February 2002 08:53 pm, duncan gray wrote:
> Ok, you guys I guess are getting sick of this so ill
> try and be brief, I discoverd its very easy to enable
> ssl on your server e.g. site setting turn on ssl, then
> go to the ssl certificate page, fill in the details
> and create your self signed certificate.. Now the
> question is when i type in
> https://www.myserver.com/admin
> (after saying yes i accept this dodgy certificate)
> it gives me the admin page login, I put my details in,
> but once the I click ok I notice that the admin pages
> have defaulted back to http:// instead of https://

This is not normal. it should stay in https
What browser are you using, and have you tried it with different browsers?

> I dont think that this is that important as long at
> the main login bit was done using the encryption, but
> my question is .. is it? or is a redirect or something
> going on first which is redirecting it to the login
> bit with out the encryption.

The answer is how does one actually find out?, unless you have a sniffer.
As a SWAG the login is encrypted.

--
Gerald Waugh

References:
- [cobalt-security] Using self signed certificates to secure admin pages.
  - From: duncan gray

Prev by Date: Re: [cobalt-security] Best way to check email securely?
Next by Date: Re: [cobalt-security] Securing Admin Pages
Previous by thread: [cobalt-security] Using self signed certificates to secure admin pages.
Next by thread: [cobalt-security] extra detail on the ssl redirection problem

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index