On Fri, Jul 11, 2003 at 08:36:57PM -0600, RYAN vAN GINNEKEN wrote: > > need to know a few things about open ssl I keep getting errors about > certificates ending in root or something like that. Is this still a > secure connection.
I'm guessing the error you're seeing is that the certificate is not signed by a trusted Certificate Authority, which would be true if you're using a self-signed certificate. Your browser has a set of public keys for known, generally trusted certificate authorities (such as Verisign). If the certificate is not signed by one of them, then you will get this warning. Your connection is still encrypted. However it's impossible to tell whether there's a "man-in-the-middle" attack going on: that is, someone who has intercepted your communication, is decrypting it and re-encrypting it with a different key. > Also Do you have a method of self signing certs or > supplying some kind of client cert so that my clients do not receive > this message all the time. No. You have to either buy a signed certificate from a recognised CA, or you have to set up your own CA and all your clients have to install *your* CA's root certificate in their browser. Regards, Brian.
