[EMAIL PROTECTED] wrote:
> Better yet, import the self-generated CA cert (that you used to sign each
> of your SSL certs) into each browser as a trusted root certificate
> authority and no more warnings...
>
>   
This is a pretty bad idea unless you are living in a closed system.
If I add the "xanadoo.com" root CA to my trusted root CAs my browser
would stop warning me if I hit a https://www.mytrustedbank.com/ forged
website with a certificate signed by the "xanadoo.com" root CA.
The trust model used with typical browsers is such that you better only
add those root certificates you _really_ trust and don't add lots of
home grown root CAs on the way.

Best regards,
    Lutz
PS. Please no new discussion about how trustworthy Verisign et al might
ultimately be as root CAs. That's a topic of its own.
_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]
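
The trust-model point made in the reply above, as an added example that is not part of the original message: the same certificate for an unrelated hostname is rejected or accepted depending only on whether the home-grown root is in the trust store. It assumes the `openssl` command-line tool is installed; the CA names, the `.test` hostname and the function names `build_pki` and `trust_decision` are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example; all names are constructed (.test is a reserved TLD).

# Create a home-grown root, an unrelated second root, and a leaf certificate
# for a hostname the home-grown CA's operator has nothing to do with.
build_pki() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Homegrown Root CA" \
    -keyout "$d/home-ca.key" -out "$d/home-ca.pem" 2>/dev/null || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Unrelated Root CA" \
    -keyout "$d/other-ca.key" -out "$d/other-ca.pem" 2>/dev/null || return 1
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.bank.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/home-ca.pem" -CAkey "$d/home-ca.key" \
    -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null || return 1
}

# Ask what a TLS client asks: does this certificate chain to a root in my
# trust store, and does it name the host I meant to reach?
trust_decision() {
  local store=$1 leaf=$2 host=$3
  if openssl verify -CAfile "$store" -verify_hostname "$host" "$leaf" >/dev/null 2>&1
  then echo trusted
  else echo untrusted
  fi
}

WORK=$(mktemp -d)
build_pki "$WORK" || { echo "openssl failed" >&2; exit 1; }
HOST=www.bank.example.test
echo "store without the home-grown root: $(trust_decision "$WORK/other-ca.pem" "$WORK/leaf.pem" "$HOST")"
echo "store with the home-grown root:    $(trust_decision "$WORK/home-ca.pem" "$WORK/leaf.pem" "$HOST")"
```

Nothing in the root certificate limits it to its owner's own domains, so adding it to the store changes the answer for every hostname it is ever used to sign.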