Date: Mon, 3 Jun 2002 01:56:50 -0500 From: James <oneiros@darkspire.net> To: freebsd-isp@freebsd.org Subject: Re: SSL certificates Message-ID: <20020603065649.GA7504@stardust.darkspire.net> In-Reply-To: <Pine.LNX.4.41.0206030749300.1748-100000@opium.co.za> References: <20020603000526.GA5542@stardust.darkspire.net> <Pine.LNX.4.41.0206030749300.1748-100000@opium.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
Thus spake Mark Bojara (mark@mics.co.za):
> so do I have to have a physical link to a .pem file or can I use the
> certificate on a SSL site and it will ask them to install it?
A physical link will do the trick. For security purposes, clients
should only accept a new CA certificate when it's explicitly requested,
or is included in a pack with a client cert they're importing.
Name it something like ca.crt, and make sure the content-type is set
properly. Then they can go to http://something/path/to/ca.crt and
their browser should take care of it automatically. Wheeee.
To be safe, look for:
AddType application/x-x509-ca-cert .crt
in your apache config.
If you'd like it to be something.pem, just pop in another AddType for
it.
HTH.
--
James <oneiros@darkspire.net> A cat stalking near
uri: http://oneiros.darkspire.net/ the Emperor's palace. A
1024D/62C2F77D crouching cat. A fox.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020603065649.GA7504>