Andrew
You may need to buy a trusted certificate from some company who sells them like for example "VeriSign". They are pretty expensive. I take it whatever organisation you are working for then they will have to buy it. I am afraid you cannot convert a certificate to a trusted one using openssl unless you make certificates for both the client and the server yourself. If you are distributing software to clients and then they connect to your server then you can embed your trusted ca when you install the software but if for example you have no control over the client side then you need to buy the certificate. What are you using the cetificates for?. For example www.amazon.com have a trusted certificate. Because anyone browsing the web can log on but there is no control on the client side so the only way they can have security is to buy their certificate from an agency that specializes in it. The web browser checks to see if the web
sites certificate is from a trusted authority(e.g verisign) if it is then only a security alert dialog box appears and you click ok to enter but if its a self signed certificate then another dialog box appears after you click ok. This warns you that the certificate was not issued by a trusted authority so it is not "trusted". A self signed certificate and a trusted certificate have the same security as far as encryption is concerned but the trusted certificate is from an agency that specialises in making certificates. This explains the process for making a self signed certificate for a web browser at http://www.xenocafe.com/tutorials/self_signed_cert_IIS/self_signed_cert_IIS-part1.php. If you set up this server on windows XP and then try to log in to your machine you will see the two dialog boxes appear. In a secure website the second dialog box does not appear because the site is
trusted. I gave you this example because it is very simple and easy to understand presuming you have windows XP.
Hope this helps.
Michael
Andrew Madu <[EMAIL PROTECTED]> wrote:
Andrew Madu <[EMAIL PROTECTED]> wrote:
Hi Michael,
yes I have made a self signed certificate (untrusted) which I want to make trusted if possible.
regards
Andrew
On 3/20/06, michael Dorrian <[EMAIL PROTECTED]> wrote:what exactly do you mean?. Have you made a self signed certificate yourself which is untrusted or what type of certificate have you now that is "untrusted".
Andrew Madu < [EMAIL PROTECTED]> wrote:Hi,I have created a selcert certificate, under java 1.5, which I need to convert to a trusted one. How can I do this using openssl or keytools?regardsAndrew
Yahoo! Mail
Bring photos to life! New PhotoMail makes sharing a breeze.
Yahoo! Mail
Use Photomail to share photos without annoying attachments.
