SSL/TLS question

Joe Rhett jrhett at
Wed Jan 14 18:52:27 EST 2004

> I expect that'd do it; you'll still need to install the CA certificate 
> in browsers, though. I have a similar setup, but with a CA cert 
> generated in-house.
No you don't.  The server hands out both certificates during the
connection process. It just works ;-)

> I then install the ca cert into clients who need access. To be specific, 
> I generate a client SSL certificate for them that also contains an 
> embedded version of our CA cert. That way they import the CA cert when 
> they install the client cert; I then just get them to authorize the CA 
> cert for identifying remote hosts.

In your case it sounds like you aren't using a certificate signed by any
known authority.  He is - he's just using one signed by someone who was
signed by a known authority.  Nothing needs to be installed in the

Joe Rhett                                                      Chief Geek
JRhett at Isite.Net                                      Isite Services, Inc.

More information about the Info-cyrus mailing list