[prev in list] [next in list] [prev in thread] [next in thread]
List: freebsd-isp
Subject: Re: SSL certificates
From: James <oneiros () darkspire ! net>
Date: 2002-06-03 6:56:50
[Download RAW message or body]
Thus spake Mark Bojara (mark@mics.co.za):
> so do I have to have a physical link to a .pem file or can I use the
> certificate on a SSL site and it will ask them to install it?
A physical link will do the trick. For security purposes, clients
should only accept a new CA certificate when it's explicitly requested,
or is included in a pack with a client cert they're importing.
Name it something like ca.crt, and make sure the content-type is set
properly. Then they can go to http://something/path/to/ca.crt and
their browser should take care of it automatically. Wheeee.
To be safe, look for:
AddType application/x-x509-ca-cert .crt
in your apache config.
If you'd like it to be something.pem, just pop in another AddType for
it.
HTH.
--
James <oneiros@darkspire.net> A cat stalking near
uri: http://oneiros.darkspire.net/ the Emperor's palace. A
1024D/62C2F77D crouching cat. A fox.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic