[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] Self Generated SSL Certificate problem

Subject: RE: [cobalt-security] Self Generated SSL Certificate problem
From: "Michael Kovalik" <admin@xxxxxxxxxxxxxxxx>
Date: Tue, 18 Jun 2002 11:35:56 +1000
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

>>Or if you wanted to be tricky about it, you could SSH into the
>>server and use the copy of OpenSSL to generate a CA certificate.
>>Then load this CA certificate (public side of course) into your
>>browser. Then use this CA certificate to sign the certificate
>>used by Cobalt Admin. This way, your browser can authoritivly
>>approve the certificates authenticity and you havent had to
>>shell out any money or install any other software.

>This seems like a neat trick but even though *you* won't get an error
>message in *your* browser, won't  *everyone* elses browser still show the
>error because their browsers aren't preprogrammed to recognize you as a CA?

True, however ... In many cases, only one person (or a small group) needs
to access the administrative interface. Also, if your virtual-host admins
want to access theirs they either a) get exactly the same error message
as they would have gotten before (or) b) you give them a copy of the CA
certificate when they sign up and call it "part of the key to the secure
admin area"

References:
- RE: [cobalt-security] Self Generated SSL Certificate problem
  - From: Brian Rahill

Prev by Date: RE: [cobalt-security] Self Generated SSL Certificate problem
Next by Date: [cobalt-security] Security Apache 1.x
Previous by thread: RE: [cobalt-security] Self Generated SSL Certificate problem
Next by thread: [cobalt-security] Security Apache 1.x

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index