Penguin
Recent Changes

Differences between version 24 and revision by previous author of SSLNotes.

Other diffs: Previous Major Revision, Previous Revision, or view the Annotated Edit History

Newer page: version 24 Last edited on Thursday, February 23, 2006 4:41:06 pm by MattBrown Revert
Older page: version 22 Last edited on Saturday, August 27, 2005 4:44:16 am by AlexDery Revert
@@ -1,8 +1,10 @@
 [SSL] stands for Secure Socket Layer. Its used for secure communications between SSL-enabled clients and servers. Typical examples of its use 
 include [HTTPS], [POP|POP3]S, [LDAP]S, and so on. If you are doign any network-based authentication, you should be doing it over SSL. Ideally, you want 
 all network-enabled services (http, smtp, pop, samba, ldap) running over it. Slim chance, I know. :) 
  
+----  
+A good tutorial for setting up a CertificationAuthority under Debian is at: http://www.debian-administration.org/articles/284  
 ---- 
  
 Basic description: You have a certificate, which is signed by some CA (Certificate Authority). This certificate has both a public key (which is 
 signed by the CA), and a private key. When a client makes a connection to your SSL-enabled server, the server passes the public key along the client, 
@@ -72,9 +74,9 @@
  !AddType application/x-x509-ca-cert pem 
  !AddType application/x-x509-ca-cert der 
 to your httpd.conf or .htaccess file. This associates this [MIME] Type with *.pem and *.der files. copy your cacert.pem file onto the web server, and create a .der version for IE users with the command: 
  openssl x509 -in cacert.pem -inform pem -out cacert.der -outform der 
-Then goto the [URL] for cacert.pem (if you're running netscape) or cacert.der (if you're running IE). It will pop up a dialog box asking if you trust this certificate, to which you agree, and you're done! 
+Then goto the [URL] for cacert.pem (if you're running netscape) or cacert.der (if you're running IE). Mozilla will pop up a dialog box asking if you trust this certificate, to which you agree, and you're done! For Internet Explorer you'll get a non-intuitive "save or open" dialog. Click Open, then click "Install Certificate" and you're done! 
  
 The difference between [PEM] and [DER] files, is that [PEM] files are base 64 encoded versions of the [DER] files and have a header and a footer. 
  
 As of mozilla 1.x, mozilla appears to support [DER] files, so perhaps skip putting a [PEM] file there, and just use the [DER] file which will work with IE and Mozilla. [PEM] is the nicer file format, so in general try and use [PEM].