Scott wrote: 
...
> We've normally got an email address for each user; when a new 
> user is created, we could send them a Welcome email.  That 
> email could provide the user with the details of the new 
> account: this is your extension and your initial PIN, here is 
> the link to your user portal, here's the quick reference 
> guide to the system, etc... and include in that email either 
> of two things: a copy of the CA certificate to be loaded into 
> the browser (research project: is there a way to package a 
> cert that would trigger this easily?), or at least an 
> explanation of the fact that the warning will happen and how 
> to suppress it (including the key fingerprint data so that 
> users who understand it can do the right thing and verify the 
> key).  

I did some experimenting not too long ago.  

Double-clicking on the CA .crt file in WinXP gives you a box with an
"Install Certificate" button, which launches a Wizard.  Click Next,
Next, Finish, & OK, and you're done.  The CA is now available to MS
Internet Explorer (and CounterPath Bria, which might be convenient
someday...)  But it isn't used by Firefox.

Firefox can load a CA .crt as file, but loading from an HTTP URL is more
convenient.  You are prompted to explicitly select the purposes for
which you want to trust the CA.  For this item, we'd need instructions
to check "Trust this CA to identify web sites."  Then click OK and
you're done.

As for MacOS, I seem to remember that double-clicking the CA .crt file
works well, but probably only helps the Safari browser and CounterPath
Bria.  Firefox probably works the same regardless of platform.


BTW, improvements in this area would also be helpful conducting secure
provisioning (over HTTPS.)

Background http://list.sipfoundry.org/archive/sipx-dev/msg17908.html and
http://list.sipfoundry.org/archive/sipx-dev/msg20374.html


-Paul
[email protected]

_______________________________________________
sipx-dev mailing list [email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-dev
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
sipXecs IP PBX -- http://www.sipfoundry.org/

Reply via email to