Hi Brian >@2003.07.14_21:38:31_+0200 > It is behaving correctly. Get Verisign or another well-known* company to > sign your certificate. This will cost you a small amount of money. > > This is a fundamental property of SSL. The only way that you can be sure > that someone is not intercepting your traffic with a "man in the middle" > attack is to get your key signed, and for the browser to check the signature > on each connection. Furthermore, the certificate assures you that the person > you are talking to owns the domain name you have connected to (i.e. you have > not been redirected to a third-party site, perhaps through DNS spoofing).
Andy, I think we need a basic SSL Cert intro in the manual / readme / whatever. At least, a link to tdlp's howtos This seems to have been a big sticking point for people recently Maybe just copy & paste some good examples from the CA section of the SSL Cert Howto. SR
