On Thu, Oct 21, 2010 at 7:47 PM, Sam Hamilton <[email protected]> wrote: > > > Yes with a real SSL that works with all browsers now coming in around $11 a > year or a free one that works with Firefox, Safari and Chrome perfectly why > go to the extra effort of creating a CA? > >
I don't think you can obtain that $11 or free SSL Cert for private DNS names, can you? I want to do SSL on hosts that aren't even on the internet, let alone using names that are delegated by registrars. It is a completely private, completely isolated internal system that happens to use the web application architecture. That's why I would like to do it with an internal CA, but the problem is getting the browsers to accept that CA (and perhaps, accept *only* that CA). I realize this is beyond the scope of OFBiz development but I thought I might not be the only OFBiz user who deploys in an isolated environment. We'd still really like to have the encrypted communication of SSL without the third party authentication bits. The deployment is large enough that the step of "accepting the self-signed certs" really is a nuisance. -- James McGill Phoenix AZ
