On Sun, Aug 18, 2002 at 11:40:13PM -0700, Anbuchezhian Chelliah wrote:
> Hi Danny,
>    I guess I understood your doubt. If not, please
> ignore this. There should be 'ca-bundle.crt' file in
> which you can put the third party's certificate and
> you could make a try.

Whoa! If you are running your own CA and only want your https server to
accept certs signed by that CA, then YOU MUST NOT USE THE ca-bundle.crt
FILE!!!

Replace it with your own cacert instead. Otherwise you are actually telling
your https server that *any* cert signed by *any* CA is valid - which may
not be what you want...

This is especially pertinent given the huge SSL hole found in IE/Konqueror
recently...

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
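The effect described in the reply above, as an added example that is not part of the original thread: a client certificate from an unrelated CA is accepted when the trust file is a multi-CA bundle and rejected when the file holds only your own CA. The CA and certificate names (`own-ca`, `other-ca`, `employee`, `outsider`) are constructed throwaway test data, and `other-ca` stands in for any third-party CA shipped in `ca-bundle.crt`; in mod_ssl the trust file is the one `SSLCACertificateFile` points at.

```shell
#!/bin/sh
# Added example with constructed throwaway CAs; nothing here is a real CA.
# Requires the openssl command-line tool.

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# make_ca NAME: create a self-signed CA key and certificate
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$demo_dir/$1.key" -out "$demo_dir/$1.crt" 2>/dev/null
}

# issue_cert CA NAME: issue a client certificate NAME signed by CA
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$demo_dir/$2.key" -out "$demo_dir/$2.csr" 2>/dev/null
    openssl x509 -req -in "$demo_dir/$2.csr" -days 1 \
        -CA "$demo_dir/$1.crt" -CAkey "$demo_dir/$1.key" -CAcreateserial \
        -out "$demo_dir/$2.crt" 2>/dev/null
}

# accepted TRUSTFILE CERT: succeed if CERT chains to a CA listed in TRUSTFILE
# (the constructed CAs are not in any system trust store)
accepted() {
    openssl verify -CAfile "$demo_dir/$1" "$demo_dir/$2" >/dev/null 2>&1
}

make_ca own-ca                   # the private CA you run yourself
make_ca other-ca                 # stand-in for a third-party CA in ca-bundle.crt
issue_cert own-ca employee       # a client you issued a certificate to
issue_cert other-ca outsider     # a client holding a cert from the other CA

# A bundle that trusts both CAs, like a stock ca-bundle.crt with yours appended
cat "$demo_dir/own-ca.crt" "$demo_dir/other-ca.crt" > "$demo_dir/bundle.crt"

for trust in bundle.crt own-ca.crt; do
    for cert in employee.crt outsider.crt; do
        if accepted "$trust" "$cert"; then result=ACCEPT; else result=REJECT; fi
        echo "trust=$trust cert=$cert -> $result"
    done
done
```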
