Re: OpenSSL ??
From: Alun Jones (alun@texis.com)
Date: 09/16/02
- Next message: Tim Greene: "Re: Problems accessing share on different domain"
- Previous message: Kevin Porter: "Re: Page not found with SSL/https but ok on http"
- In reply to: Jason Davis: "OpenSSL ??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: alun@texis.com (Alun Jones) Date: Mon, 16 Sep 2002 14:43:23 GMT
In article <9e03a267.0209160155.1c2d9c19@posting.google.com>,
jasondavis19@hotmail.com (Jason Davis) wrote:
>I have some quick questions regaring openssl:
>
>1. Is it Working?? I mean - can I put it on my IIS 5.0 webserver and
>have a key locked on https:// pages?
Yes. No. IIS doesn't use the OpenSSL libraries, it uses the Microsoft code
for SSL (which means that it's likely that IIS is immune to the latest worm
making the rounds - fancy that!) However, you can create a certificate in
OpenSSL, and import that certificate into IIS.
>2. Will I be able to write in my organization name and domain name?
Yes - however, one of the 'key' elements of certificates is that your
certificate is approved by someone else, that the client user trusts (or has
told their computer to trust, or that the browser manufacturer trusts). You
can sign your own certificates, but this will result in a warning to the
client user that the certificate is self-signed. You can also install your
own Certificate Authority to sign certificates, but again, that CA has its own
certificate which will be self-signed, and which the client user must install
into the list of trusted root authorities.
If you have an out-of-band means of distributing the CA's certificate, it may
be worth getting your clients to install your own CA. After all, the only
thing the client needs to do is have a point of trust at which they will
believe certificates that are issued by that CA. Contrary to what most people
will try and tell you, you don't need Verisign, or Thawte, or any of the other
well-known CAs to sign your certificate, as long as your users understand the
concept of a chain of trust up to your root CA.
>3. Is it possible to use the OpenSSL as a developer certificate for
>signing ActiveX/JAVA codes? (i.e - something like:
>http://www.thawte.com/html/RETAIL/devel/index.html)
Sorry - don't know.
Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
-- Texas Imperial Software | Try WFTPD, the Windows FTP Server. Find us at 1602 Harvest Moon Place | http://www.wftpd.com or email alun@texis.com Cedar Park TX 78613-1419 | VISA/MC accepted. NT-based sites, be sure to Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for XP/2000/NT.
- Next message: Tim Greene: "Re: Problems accessing share on different domain"
- Previous message: Kevin Porter: "Re: Page not found with SSL/https but ok on http"
- In reply to: Jason Davis: "OpenSSL ??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
