[H-GEN] https + apache

[Michael Anthon]

[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

>
>
>    All my questions arise from this f#*$)*! X509 cert.  If I could get
>    rid of it then life would be easy.  Its all the more frustrating
>    because I don't see how it raises the security of HTTPS.  It sole
>    function seems to be yet another dismal failure from Netscape in
>    its attempt to build a business.
>  
>
I have similar feeiling about this.  I want to be able to use SSL to 
secure the connection but I couldn't care less if the client believe I 
am who I say I am (which is what CA signed certs is all about)

>    If I don't want the "unsafe" message then I need a trusted root CA
>
This depends a bit on your target.  If it's J. RandomUser then you don't 
really have a choice.  If you don'thave it signed by a root CA then they 
will get the warning [1].  If it's targeted at machine you have control 
over you can generally import extra certificates into the browser to 
avoid the warnings.

I'm currently looking around myself, www.fressl.com seems to be 
reasonably priced.

Cheers
Michael



--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/