> how do people build SSL systems which do not require the client to
> accept certificates? E.g. if you want to order a book at www.amazon.de
> and you are using the SSL connection, users do not have to accept the
> certificates, although the certificate of the website is not in the
> browser implemented, yet and the site is used the first time.
The signer/issuer certificate of the server-certificate is in the browser
cert-db, this CA is "trusted", and so the issued Certs are trusted.
A client like Netscape knows about the CA Certificate of Thathwe, Verisign
and others. If the server uses a Certificate signed by one of these CA's,
it doesn't ask the user. So you have to go to Thathwe or Verisign (i.e.)
and buy a Certificate.
oki,
Steffen
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
