Scott wrote: ... > We've normally got an email address for each user; when a new > user is created, we could send them a Welcome email. That > email could provide the user with the details of the new > account: this is your extension and your initial PIN, here is > the link to your user portal, here's the quick reference > guide to the system, etc... and include in that email either > of two things: a copy of the CA certificate to be loaded into > the browser (research project: is there a way to package a > cert that would trigger this easily?), or at least an > explanation of the fact that the warning will happen and how > to suppress it (including the key fingerprint data so that > users who understand it can do the right thing and verify the > key).
I did some experimenting not too long ago. Double-clicking on the CA .crt file in WinXP gives you a box with an "Install Certificate" button, which launches a Wizard. Click Next, Next, Finish, & OK, and you're done. The CA is now available to MS Internet Explorer (and CounterPath Bria, which might be convenient someday...) But it isn't used by Firefox. Firefox can load a CA .crt as file, but loading from an HTTP URL is more convenient. You are prompted to explicitly select the purposes for which you want to trust the CA. For this item, we'd need instructions to check "Trust this CA to identify web sites." Then click OK and you're done. As for MacOS, I seem to remember that double-clicking the CA .crt file works well, but probably only helps the Safari browser and CounterPath Bria. Firefox probably works the same regardless of platform. BTW, improvements in this area would also be helpful conducting secure provisioning (over HTTPS.) Background http://list.sipfoundry.org/archive/sipx-dev/msg17908.html and http://list.sipfoundry.org/archive/sipx-dev/msg20374.html -Paul [email protected] _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
