[HCoop-Misc] a query about ssl certificates

[Tanveer Singh]

On 6/4/07, Adam Chlipala <adamc at hcoop.net> wrote:
> Tanveer Singh wrote:
> > If I genereate a certificate for him using the required openssl
> > command, can I generate the crt file on any unix machine and mail it
> > to him?
> > After that he can give that to the hosting providor and they can
> > install it for him.
> > Or do I need to generate the certificate on that server only?
> >
>
> You can generate the certificate anywhere, and it will work just as
> well. However, his provider isn't charging him $50 just to run an
> openssl command for him. The certificates they sell probably have short
> paths to certificate authorities included with the popular browsers.
> This means that users would be able to visit his site without getting
> warnings about untrusted certificates. They _would_ get such warnings
> for any self-signed certificate, and that is what you would be getting
> if you ran an openssl command yourself.
I understand that the $50 is so that the warnings don't come. But only
admins will use the ssl route, so no issues there normal users will
still be at http://site_address
So all I have to do is run the openssl command, generate the cert and
send it to him. Then he can tell his service provider to install that
certificate, right?