On Fri, 2010-02-19 at 15:40 +0530, Shruthi Sarpamale wrote: > > Observation: After the self created Certificate Authority ca.crt is > imported under ' Trusted Root Certificates ' of the browser, login to > the config UI, does NOT display the certificate error and page > directly navigates to the login screen. > > My query ---> Is it required to import the self created Certificate > Authority ca.crt under ' Trusted Root Certificates ' of the browser?
Yes - it is required. There is no issue. The point of this feature is exactly to configure a common trusted CA certificate between the browser and the sipXecs system. If, instead of creating a private CA, you had obtained a server certificate from some well-known public CA, you would probably not have needed to install the CA certificate in your browser - most browsers come with a substantial number of pre-installed CA certificate chains for the well-known public CAs. Since you invented your own CA (a legitimate thing to do), then you need to install it in both places. It's important that we be able to support private CAs like this because many large enterprises have their own internal private CAs and use certificates signed by them as part of their internal security systems. In those enterprises, users must install the private CA certificate in their systems (and often have a client certificate signed by that same infrastructure as well). _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
