security

Chris Drake christopher at pobox.com
Wed Oct 25 00:18:37 UTC 2006


Wednesday, October 25, 2006, 9:01:15 AM, you wrote:

JAD>      --
 >> > SSL [...] is generally a pain in the ass.

JAD> Chris Drake wrote:
 >> That's because SSL provides both security and trust.
 >>
 >> SSH provides only security - not trust.
 >>
 >> It's not *really* a pain either - paste your CSR and
 >> credit card into ipsca, and $38 + 1 minute later -
 >> you're trusted.

JAD> No, one minute later you have a certificate.

No no - I *mean* **trusted** - specifically:

A) install RedHat
B) visit https://yournewdomain.com
C) You get a warning saying that this is not a trusted site because
   it's using a self-signed cert (yes - RedHat sets this up for you:
   you don't have to configure anything - it's default)
D) Save your new IPSCA cert into /etc/httpd/conf.d/
E) re-visit https://yournewdomain.com

*bingo* trusted - no popup errors anymore warning about your site not
being trusted.  IPSCA actually did check that you're not some random
phisher or hacker, which is why browsers now trust their assertion.

Chris.
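
Added example, not part of the original message: the difference between steps C and E, reproduced with the openssl command line. It assumes openssl is installed; "Demo Root CA" is a locally generated stand-in for a commercial CA, and the only trust anchor used is that demo root, playing the role of the CA root a browser ships with.

```shell
#!/bin/sh
# Constructed demo: every key and certificate is generated locally.
# "Demo Root CA" stands in for a commercial CA; it is not a real CA.

# make_demo_certs DIR: create a self-signed server cert, a demo CA,
# and a server cert issued by that CA from a CSR.
make_demo_certs() {
    d=$1
    # Self-signed cert, like the one a default install ships with.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=yournewdomain.com" \
        -keyout "$d/self.key" -out "$d/self.crt" 2>/dev/null &&
    # Root certificate of the stand-in CA (the trust anchor).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    # The CSR the site owner would submit to the CA.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=yournewdomain.com" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
    # The CA signs the CSR, producing the certificate it sends back.
    openssl x509 -req -in "$d/srv.csr" -days 1 \
        -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/srv.crt" 2>/dev/null
}

# trust_status CAFILE CERT: print "trusted" if CERT chains to CAFILE.
trust_status() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir" || echo "openssl failed" >&2
echo "self-signed: $(trust_status "$demo_dir/ca.crt" "$demo_dir/self.crt")"
echo "CA-issued:   $(trust_status "$demo_dir/ca.crt" "$demo_dir/srv.crt")"
```

Both server certificates carry the same subject name; only the signer differs, and that alone decides whether verification against the trust anchor succeeds.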



