Can mod_ssl be configured (and if so, how) to send a server
certificate chain consisting not only of the server certificate,
but also of the corresponding CA certificate(s)? That way, sane
browsers can ask the user to check just the highest-level
certificate (i.e., its fingerprint); but the user will not be
bothered with the site certificate's fingerprints, which is the point
in building a CA. Of course, the user could first download the CA
certificate from a non-SSL site before visiting one of the sites that
are certified by that CA; but it should be possible to avoid that
additional step (in settings where the extra network traffic is not a
crucial issue).
Bodo Moeller
[EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]