jrhett at isite.net
Wed Jan 14 18:52:27 EST 2004
> I expect that'd do it; you'll still need to install the CA certificate
> in browsers, though. I have a similar setup, but with a CA cert
> generated in-house.
No you don't. The server hands out both certificates during the
connection process. It just works ;-)
> I then install the ca cert into clients who need access. To be specific,
> I generate a client SSL certificate for them that also contains an
> embedded version of our CA cert. That way they import the CA cert when
> they install the client cert; I then just get them to authorize the CA
> cert for identifying remote hosts.
In your case it sounds like you aren't using a certificate signed by any
known authority. He is - he's just using one signed by someone who was
signed by a known authority. Nothing needs to be installed in the
Joe Rhett Chief Geek
JRhett at Isite.Net Isite Services, Inc.
More information about the Info-cyrus