[ previous ] [ next ] [ threads ]
 
 From:  "Michael A. Alderete" <lists dash 2003 at alderete dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] SSL keys?
 Date:  Wed, 28 Jan 2004 10:12:27 -0800
At 11:48 AM +0100 1/28/04, Christiaens Joachim wrote:
>>
>> You will get a message from your browser
>> saying that the identity of the web site could not be
>> verified, because the web site's certificate was signed
>> by an unknown certifying authority. I.e.,
>> maybe someone is spoofing the web site.
>>
>> I haven't figured out how to make this go away.
>
>You have to buy a certificate from verisign, thawte or some vendor, so your
>browser will trust the certificate blindly, or you will have to manually
>trust (install locally) the certificate one time in your browser.

Ah, that makes sense.

Next question: How do I do that? ;-)

Or, more specifically, after following Manuel's instructions for using
OpenSSL to generate a certificate locally,
<http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=5&actionargs[]=49>,
I have three files:

 - cert.csr
 - cert.pem
 - privkey.pem

I would like to install these into my browser to make the message go away.
Mozilla seems willing to import all three files (Go to Preferences /
Privacy & Security / Certificates, and click the Manage Certificates
button), but it is not clear to me which one(s) should get imported, or
which panel of the Certificate Manager I should use to do the importing
(all four panels have an Import button).

If you tell me, and I get it to work, I'll write it up like the Getting
Started guide (I'm thinking of a Secondary Configuration page, with a
variety of topics that don't relate to servers and DMZs, plus a servers &
DMZ guide), and post a URL to the list by the end of the week.

Thanks!

Michael
-- 

_____________________________________________________________
Michael A. Alderete           <mailto:lists dash 2003 at alderete dot com>
                                     <http://www.alderete.com>