Re: [cobalt-users] SSL Settings on Raq4i

[Jeff Lasman <jblists@xxxxxxxxxxxxx>]

"John D. Gorena" wrote:

> Using the Self generated Certification option.

As you may realize by now, John, self-generated certs will NEVER be
recognized by any browser; the purpose of a cert is not just to secure
data in transit, but rather to guarantee that the site belongs to whom
it says it does.  None of the browser manufacturers know who you are, so
they'll always warn about your certs.

With both Netscape and IE you can tell the browser to accept the cert
forever, and then you won't get the message.

But your customers always will, if they're using your cert to
administrate their sites.

One side-effect of all this is even after you buy a cert for your main
site, your customers will continue to get messages from their browsers,
whenever they admin their own sites, telling them the cert doesn't match
their domain name.  That's because the RaQ will (helpfully, or so it
thinks) automatically use your cert to manage all your sites.  Your
customers can solve the problem by accepting the cert the first time, or
they can set up their own self-generaged cert, and accept that cert in
their browser, or buy their own commercial cert.

Or you can give them the longer URL they can use to manage their site
under your site-name; this will let your cert work for them without
warning (as long as you've got a commercial cert recognized by their
browser).

Just to add another confusion to the whole mess, certain certs,
especially those produced by the cert company formerly known as Equifax,
will always show up as non-accepted in most browsers until you've added
a second cert on your RaQ; one you must add manually.

I don't have the time to look up these issues right now (over 500
messages still to read) but you can find them by searching the archives.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA  92517
voice: (909) 778-9980  *  fax: (702) 548-9484