On Fri, 25 Jul 2003, Stef Caunter wrote:
> Thanks. Fixed. I'll be offline for a day and a half.
> ...
> INSTALLING A SELF-SIGNED CERTIFICATE:
>
> When you would like to trust a self-signed (non-commercial) certificate you will
> need to get hold of the actual file. If it's a cert local to your network you
> can ask the sysadmin to make it available for download as a link on a webpage.
I am not sure how much information that isn't specific to lynx belongs
in a file like this. This part of the file would be a reasonable place
to mention how you can get the server certificate using the s_client
mode of openssl. To get the certificate from the site "whatever.invalid",
assuming a standard https connection to port 443, you can do
"openssl s_client -connect whatever.invalid:443 |tee certfile",
then type "QUIT" followed by a carriage return; or do
"echo QUIT | openssl s_client -connect whatever.invalid:443 > certfile"
Then just edit the file "certfile" to get rid of the material around the
server certificate. This should eliminate the need to ask administrators
to make the file available as a link.
Doug
--
Doug Kaufman
Internet: [EMAIL PROTECTED]
; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to [EMAIL PROTECTED]
