[HCoop-Misc] a query about ssl certificates

Tanveer Singh tanveer1979 at gmail.com
Mon Jun 4 12:29:35 EDT 2007


On 6/4/07, Adam Chlipala <adamc at hcoop.net> wrote:
> Tanveer Singh wrote:
> > If I genereate a certificate for him using the required openssl
> > command, can I generate the crt file on any unix machine and mail it
> > to him?
> > After that he can give that to the hosting providor and they can
> > install it for him.
> > Or do I need to generate the certificate on that server only?
> >
>
> You can generate the certificate anywhere, and it will work just as
> well. However, his provider isn't charging him $50 just to run an
> openssl command for him. The certificates they sell probably have short
> paths to certificate authorities included with the popular browsers.
> This means that users would be able to visit his site without getting
> warnings about untrusted certificates. They _would_ get such warnings
> for any self-signed certificate, and that is what you would be getting
> if you ran an openssl command yourself.
I understand that the $50 is so that the warnings don't come. But only
admins will use the ssl route, so no issues there normal users will
still be at http://site_address
So all I have to do is run the openssl command, generate the cert and
send it to him. Then he can tell his service provider to install that
certificate, right?




More information about the HCoop-Misc mailing list