On Tue, Jun 18, 2013 at 04:50:06PM -0400, Dave Thompson wrote:
> > From: owner-openssl-us...@openssl.org On Behalf Of Carl Young
> > Sent: Tuesday, 18 June, 2013 07:10
>
> > Sorry for top-post - webmail :(
> >
> > In TLS, the server should not send the root certificate - it
> > sends the chain
> From: owner-openssl-us...@openssl.org On Behalf Of Carl Young
> Sent: Tuesday, 18 June, 2013 07:10
> Sorry for top-post - webmail :(
>
> In TLS, the server should not send the root certificate - it
> sends the chain up to, but not including, the root certificate.
>
> From (sorry)
> http://te
ating certificates, up to
> but not including the root certificate from the CA, signed by the CA.
>
>
> Carl
>
>
> From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org]
> on behalf of Cristian Thiago Moecke [cont...@cristiantm.com.br]
>
> Sent: 18 June
ian Thiago Moecke [cont...@cristiantm.com.br]
Sent: 18 June 2013 11:43
To: openssl-users@openssl.org
Subject: Re: Is it possible to grab CA certificate?
If the only certificate that is shown is the server certificate, the server
is not providing the certificate chain, only the server certificate. This
way, you won't be able to get the CA certificate from the SSL connection.
Maybe your network admins want to fix that too.
What is strange is that exc
When I go to SSL site I see this message in fx:
"You have asked Firefox to connect securely to news.ycombinator.com,
but we can't confirm that your connection is secure.
Normally, when you try to connect securely,
sites will present trusted identification to prove that you are
going to the right
at it
> From: owner-openssl-us...@openssl.org On Behalf Of A A
> Sent: Monday, 17 June, 2013 20:58
> Unfortunately fx doesn't let me export CA certificate. I can only
> view server side certificate and export it. Also, marking the
It works for me (in 20.1, I'm a little behind, but I doubt th
Sorry for top posting, damn gmail web interface did that. I don't have
mutt installed on this machine and it hurts.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Unfortunately fx doesn't let me export CA certificate. I can only
view server side certificate and export it. Also, marking the
exception as permanent doesn't make fx remember this setting and I
need to accept the certificate warning every time I go to a new SSL
site. I tried to import the certi
Ok, we have too many "maybe"s in a very open discussion that depends on so
many variables... My intention is not to enter on a long discussion on
security policies, I don't think the author of the first email is the
network manager or the one that will deal with changing security policies,
he only
> because from a workstation people may access external websites too. Like
> banks
And perhaps they shouldn't. Have you seen the size of the built-in browser CA
trust lists recently?
And really, which is more likely: an in-house CA leads you astray, or you bring
some external malware from the
Well... trusting a CA means you trust it for any website you access from
the workstation. Adding exceptions means you trust it only for those
specific sites. I would not recommend adding an untrustworthy in-house CA,
because from a workstation people may access external websites too. Like
banks, fo
> By the way, I would NOT recommend adding an in-house, probably unprotected CA as
> a trusted one. The exception is much better to deal with such cases.
If it's a work machine, then absolutely trust the in-house CA, no matter how it
is managed and protected.
/r$
--
Principal Securi
By the way, I would NOT recommend adding an in-house, probably unprotected CA as
a trusted one. The exception is much better to deal with such cases.
On Mon, Jun 17, 2013 at 1:16 PM, Cristian Thiago Moecke <
cont...@cristiantm.com.br> wrote:
> It's not an fx user list, but let me help you:
>
> On fir
It's not an fx user list, but let me help you:
On Firefox side, you could
1) Add a permanent exception (just make sure to check the appropriate
checkbox on the exception dialog) so it won't ask you every time
2) Export the certificate, clicking on the lock icon on the URL bar and
going to More Infor