Bruce Dubbs wrote these words on 02/23/09 16:48 CST:> Randy, > You have to understand how certificates work. They are signed by a > certificate authority. If you don't have the CA's public certificate you > can't > authenticate the server cert. Without the CA public certs, https would never > authenticate. Therefore you need the certs from Verisign, Entrust, etc.
I understand the concept, and am used to have to adding in the occasional site (many Gnu https:viewcvs type sites, for that matter) if they aren't included in my personal certs. I suppose I should have been more clear in my original message in not "what they do", and more with "how is what you're saying going to affect the book". I was more confused with this bit of us having to provide a "vendor specific root CA" that DJ was speaking of. Then the fact that both DJ and Dan were saying that we could use OpenSSL certs, when in fact they don't even ship any, just confused me further. It wasn't conceptual thing, it was an application pertaining to our book thing. Regardless, let's just see what pans out. Dan earlier mentioned that OpenSSL's CAs won't fly, so let's see what the alternatives are. -- Randy rmlscsi: [bogomips 1003.24] [GNU ld version 2.16.1] [gcc (GCC) 4.0.3] [GNU C Library stable release version 2.3.6] [Linux 2.6.14.3 i686] 19:53:00 up 16 days, 12:16, 1 user, load average: 0.24, 0.05, 0.02 -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
