Re: [Hampshire] home self signed ssl cert with multiple host…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MHugo Mills at <-
MChris Aitken at ->

Reply to this message
Author: Sean Gibbins
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] home self signed ssl cert with multiple host names?
Hugo Mills wrote:
> On Tue, Feb 03, 2009 at 08:40:38PM +0000, Sean Gibbins wrote:
>
>> Chris Aitken wrote:
>>
>>>>
>>>>
>>> Secure Connection Failed
>>>
>>> carfax.org.uk uses an invalid security certificate.
>>> The certificate is not trusted because the issuer certificate is unknown.
>>> (Error code: sec_error_unknown_issuer)
>>>
>>> # This could be a problem with the server's configuration, or it could
>>> be someone trying to impersonate the server.
>>> # If you have connected to this server successfully in the past, the
>>> error may be temporary, and you can try again later.
>>>
>>> (WinXP SP2; Firefox 3.0.5).
>>> Chris
>>>
>>>
>> It's because it's self-signed, so either add the exception and proceed
>> or run away.
>>
>
>    Actually, it's not self-signed. It's a CACert certificate. See [1]

>
>
>> If you are concerned about this and want a 'proper' certificate you will
>> need to pay for it.
>>
>
>    I didn't pay anything for it. :)

>
>    Hugo.

>
> [1] http://www.cacert.org/

Groovy - that'll teach me to read it proper like, eh? I blame the
headache...

Actually I am a terror for assumptions; first there's the subject of the
original post, and the night before I had created a self-signed
certificate for my mini-itx box and had seen a similar exception appear
when I went to the page to test it - as expected on account of it being
home-brewed and all.

It appears I was partially right about the untrusted authority business,
as it seems that you only get 'trust' if you pay for it.

What advantages do CAcert offer you over self-signing Hugo? On the
surface it appears there are few if any, but I am guessing there is a
move toward creating a community-based alternative to the commercial
players, although having dug around on their site for a while I am still
struggling to find a clear statement of their aims. Or at least one that
I understand - it's probably me being thick again!

Sean




--
The computer can't tell you the emotional story. It can give you the exact mathematical design, but what's missing is the eyebrows.
Frank Zappa



This message was posted to the following mailing lists:
Hampshire LUG
Mailing List Info | Nearby Messages		<-Re: [Hampshire] home self signed ssl cert with multiple host names?Re: [Hampshire] home self signed ssl cert with multiple host names?->
Hampshire LUG Mailing List Archive administrated by WebmasterLurker (version 2.3)