[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to configure apache-ssl to offer the Cert to install?

> Am 2009-09-11 13:03:09, schrieb Bertrand Yvain:
> > This cannot work.  The client should have the CA certificate before
> > SSL/TLS handshake.  You'll have to find a way to offer the certificate
> > beforehand.
> > 
> > This can be done over HTTP by sending your CA certificate with
> > application/x-x509-ca-cert MIME type (grep x509 /etc/mime.types).
> > Decent client software should then ask the user if she wants to install
> > the certificate as trusted.

On 11.09.09 14:09, Michelle Konzack wrote:
> So, my website need a redirection?
> Is there a possibility for the server to check whether a CERT is already
> installed?  I mean, if a user connect to my HTTP website, a script could
> check for the existence of my enterprise cert and if it is  not  already
> installed open a windows which offer the download.

the server can't do such thing. It's the client who requests the content
from the server and executes the scripts.  Internet is unsafe enough, we
don't need to make it more unsafe by wanting servers to execute code on

> But what me let puzzeling is, that I connected to a HTTPS website and  a
> PopUp (Firefox) opened with the message that the  Website  is  encrypted
> and a suitable cert is not installed on my system and that  the  website
> offer to download the cert.  I accepted and a new Dialog (from  Firefox)
> opened where I can check the thing and ACCEPT/DECLINE it.
> This is what I like to have.

you usually have something similar to this, it only says that the
certificate is not known, but you usually choose to install it.

Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.

Reply to: