On Mon, Jul 14, 2003 at 11:59:20AM -0600, RYAN vAN GINNEKEN wrote:
> Secondly, I have used SSL in my client and Netscape 7.1 seems to work
> OK. However, it asks me to accept a cert every time I log in. I don't
> really mind, but my clients are fussy about that stuff.

It is behaving correctly. Get Verisign or another well-known* company to
sign your certificate. This will cost you a small amount of money.

This is a fundamental property of SSL. The only way that you can be sure
that someone is not intercepting your traffic with a "man in the middle"
attack is to get your key signed, and for the browser to check the signature
on each connection. Furthermore, the certificate assures you that the person
you are talking to owns the domain name you have connected to (i.e. you have
not been redirected to a third-party site, perhaps through DNS spoofing).

Without this assurance, SSL is pretty much worthless (and that's what your
browser is reminding your clients). However, it does require a chain of trust
up to a set of known CAs, and you have to pay one of those CAs to sign
your certificate.

Regards,

Brian.

*well-known = has their root public key installed in popular browsers.
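
Added example (not part of the original message): the two checks described above, chain of trust to a known CA and a certificate name that matches the host, reproduced offline with the openssl command line. The CA name demo-ca, the host mail.example.test and all file names are constructed for the demo; it assumes OpenSSL 1.1.0 or later with its default openssl.cnf installed.

```bash
#!/usr/bin/env bash
# Constructed demo: a throwaway CA stands in for a commercial one.
set -eu

# Build a demo CA, a self-signed server cert and a CA-signed server cert.
make_demo_pki() {
  dir=$1; host=$2
  # 1. Root CA certificate: the thing a browser ships in its trust store.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
  # 2. Self-signed server cert: nothing links it to any trusted root.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$host" \
    -keyout "$dir/self.key" -out "$dir/self.pem" 2>/dev/null
  # 3. Server key and signing request, then the CA signs the request.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
    -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
  openssl x509 -req -in "$dir/srv.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 1 -extfile "$dir/san.ext" -out "$dir/srv.pem" 2>/dev/null
}

# Print "ok" only if the cert chains to the trusted root AND names the host.
check_cert() {
  ca=$1; cert=$2; host=$3
  if openssl verify -CAfile "$ca" -verify_hostname "$host" "$cert" >/dev/null 2>&1
  then echo ok
  else echo fail
  fi
}

d=$(mktemp -d)
make_demo_pki "$d" mail.example.test
# Self-signed: the client has no way to tell it from an interceptor's cert.
echo "self-signed cert:        $(check_cert "$d/ca.pem" "$d/self.pem" mail.example.test)"
# CA-signed and the name matches: accepted without a prompt.
echo "CA-signed, right host:   $(check_cert "$d/ca.pem" "$d/srv.pem" mail.example.test)"
# CA-signed but presented for another name (e.g. after DNS spoofing): rejected.
echo "CA-signed, wrong host:   $(check_cert "$d/ca.pem" "$d/srv.pem" other.example.test)"
```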
