Thomas A. Fine wrote:
>
> I'm trying to set up an internal-use certificate authority for Ohio State U.
>
> I was under the strong impression that when a browser connects to a server
> with a certificate signed by an unknown CA, that it would give you the
> option of accepting either the site certificate, or the new CA.
>
> I even believe that I have seen netscape ask me this before. And the
> SSL FAQ says something along these lines also (section 9.2, under the
> "Note:").
Netscape version?
>
> As configured so far, netscape asks if I want to accept the site certificate,
> but makes no mention of the certificate authority (other than saying it
> is unknown).
It also gives you the option to view the certificate (in current
versions), so you can see who/where/when it was issued etc.
>
> I can't tell if apache-ssl supports this (seems like it should be in
> the SSL layer so it should), and if it does, how to configure things so
> that it will work. Has anyone done this?
I'm pretty sure this is handled entirely at the browser end, so I don't
see what Apache-SSL could do to help here...
cheers,
Adam
--
Adam Laurie Tel: +44 (181) 742 0755
A.L. Digital Ltd. Fax: +44 (181) 742 5995
Voysey House
Barley Mow Passage http://www.aldigital.co.uk
London W4 4GB mailto:adam@algroup.co.uk
UNITED KINGDOM PGP key on keyservers