[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freebsd-isp
Subject:    Re: SSL certificates
From:       James <oneiros () darkspire ! net>
Date:       2002-06-03 6:56:50
[Download RAW message or body]

Thus spake Mark Bojara (mark@mics.co.za):

> so do I have to have a physical link to a .pem file or can I use the
> certificate on a SSL site and it will ask them to install it?

    A physical link will do the trick.  For security purposes, clients
    should only accept a new CA certificate when it's explicitly requested,
    or is included in a pack with a client cert they're importing.
    
    Name it something like ca.crt, and make sure the content-type is set
    properly.  Then they can go to http://something/path/to/ca.crt and
    their browser should take care of it automatically.  Wheeee.

    To be safe, look for:
    AddType application/x-x509-ca-cert .crt
    in your apache config.

    If you'd like it to be something.pem, just pop in another AddType for
    it.

    HTH.

-- 
 James <oneiros@darkspire.net>       A cat stalking near
 uri: http://oneiros.darkspire.net/  the Emperor's palace. A
 1024D/62C2F77D                      crouching cat. A fox.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
[prev in list] [next in list] [prev in thread] [next in thread]