Re: SSL problem using Macintosh browser

From: Alun Jones [MS MVP] (alun_at_texis.com)
Date: 12/24/03 

Date: Wed, 24 Dec 2003 21:10:43 GMT

In article <0aa601c3c575$e2054eb0$a601280a@phx.gbl>, "Bob Skutnick"
<bob.skutnick@amcolor.com> wrote:
>I'm still unclear about "installing the certificate". My
>experience with SSL is light. I have a certificate I've
>purchased from GeoTrust. It installs on the web server. I
>enable SSL for the site on the server and the internet
>users go the site using HTTPS: and SSL kicks in. Nothing
>(installed) was required on the internet users end in the
>past???

If a certificate is automatically trusted by a client program, that means
that the client program (or the certificate store it references) trusts that
certificate or the certificate's issuer. Some clients (such as Internet
Explorer) ship with a list of "trusted roots" - certification authorities
that we trust to issue certificates to servers. Other clients ship without
trusted roots, and the user will need to install CAs' certificates to ensure
that certificates can be trusted by the client.

Obviously, the CA certificate for the CA that issued your certificate is in
the default set of trusted roots on the Windows systems, but not in the set
of trusted roots on the Macs. You can fix this in a number of ways - either
get the clients to install the CA's certificate, or your certificate, or get
your server's certificate from a CA that is trusted by more clients.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.] 

-- 
Texas Imperial Software   | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place   | alun@texis.com.
Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.

Relevant Pages

  • Re: Need for encryption in WSE 3.0 if using SS-avoid man-in-middle
    ... SSL only validates you are talking to a SSL certified server; ... They can simply edit the URL the client program ... can be done by using a X.509 certificate on both ends, ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: LDP client authentication fails
    ... I got the LDP working with LDAP server under server client authentication ... I did not installed the certificate in pfx format .. ... Client cert auth won't work without that. ...
    (microsoft.public.windows.server.active_directory)
  • Re: SSL & Man In the Middle Attack
    ... >> it possible for the middle man to intercept all messages from server to me ... > server sends client a signed message along with a digital certificate. ... > client generates a random secret key, ...
    (comp.security.misc)
  • Re: activesync issue
    ... On the SBS 2003 Server open the Server Management console. ... On the "Web Server Certificate" page, choose to create a new Web server ... Install the new certificate which created in above step on mobile device: ... Access to browse the Exchange Server 2003 client after you install ...
    (microsoft.public.windows.server.sbs)
  • Re: Need for encryption in WSE 3.0 if using SS-avoid man-in-middle
    ... order to detect we are connected to the wrong server (even though its SSL ... certificate is OK and valid by Verisign); we would need a client certificate. ... this can be detected by SSL/HTTPS client in ...
    (microsoft.public.dotnet.framework.aspnet.security)