Apache web servers come many times with a CA bundle installed (mostly
Linux distributions). This is usually a dump from the NSS (Mozilla)
store. One can add easily more PEM encoded certificate to that bundle -
all the ones you want to trust. Implementation can require valid
certificates traceable back to a root in the CA bundle.
I don't know much about IIS (anymore), but I guess the same could be
possible there, using the local machine store.
Eric Norman wrote:
On Jul 20, 2007, at 8:30 AM, Johnathan Nightingale wrote:
As Dmitry observes, the protection it offers is useless if there are
http (i.e. non-SSL/TLS) links in the chain.
True enough. But there's more. Many will argue that such
protection is also useless unless the correct trust anchors
(some folks call them "root" certificates) are deployed at
the correct places. This is far easier to say then accomplish.
Eric Norman
http://ejnorman.blogspot.com
_______________________________________________
security mailing list
[email protected]
http://openid.net/mailman/listinfo/security
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Phone: +1.213.341.0390
_______________________________________________
security mailing list
[email protected]
http://openid.net/mailman/listinfo/security
