WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Open Source Certificate authority

From: "Law, Gary, (FNB)" <LawG () fnb co uk>
Date: Wed, 24 Sep 2003 08:50:29 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


-----Original Message-----
From: Jared Ingersoll [mailto:jared () cswv com]

1. Is there an app that anyone is familiar with that will duplicate
Verisign's Certificate Authority in a way that would 
eliminate any type of
warning. (It seems like apache and openssl are out).
supply certificates that would not present any warning message?


For testing, instantssl / comodo do a free trial certificate for (I
think) 28 days suitable for use on web servers. This requires no
client configuration / installation of extra trusted root
certificates. You'll need to register with them. You should really
test with a self-signed certificate, and an expired one too; if the
client isn't a browser this will help you understand what its
behaviour will be in these conditions.

Gary

Gary Law
Technical Analyst - Unix,
Infrastructure Development,
First National Bank (UK)


-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBP3FM7VB233AXMNP7EQJ4YgCgnGoGAaZHj8k6Dvf1UgYR/ffoPfgAnA0/
V/N7MsiYYzeQwPWShjBRfdNv
=q/M8
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: