SSL

Craig White CraigWhite@AzApple.com
Sun, 25 Jun 2000 22:26:35 -0700


> > the name of the security certificate not matching the name of
> the site.  I
> > don't want to go out and buy a certificate.  Can't I generate
> my own?  Also
>
> Yes. It'll work if you trust yourself :). Anybody else who would use it
> would also have to set their browsers to trust your certificate
> authority. Hopefully that shouldn't be too many people for webmin :).
>
---
Actually, when you install openssl, you install your own certificate which
is not certified by any of the certificate authorities (verisign, thawte
etc.) When you open the https connection with a browser, it sees the
'unverified' certificate being offered and the browser is doing it's bit to
warn you  of a certificate being presented that is not verified by any known
authority. All you need to do is agree to accept the certificate - which if
you generated the certificate by 'making' a test certificate and then
'making' openssl on your system, you should feel pretty comfortable with
that.

Netscape allows you to 'store' the certificate as trusted so it never asks
you again. IE probably does the same thing but there are too many different
versions of IE for me to figure out how and even worse, Webmin has had
difficulty with varying versions of IE.

The funny thing about security certificates is buying them - they trust you
and certify you if you pay them $100 - kind of sums up e-commerce.

Craig