LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices



Reply
 
Search this Thread
Old 02-25-2003, 04:44 PM   #1
Syncrm
Member
 
Registered: Aug 2001
Location: Lansing, Michigan
Distribution: slackware8+
Posts: 472

Rep: Reputation: 30
ssl certificates


hello all,
hopefully this is a rather quick question, but after searching around on google for the better part of an hour i'm still left without an answer.

i run apache to serve a rather low traffic site (just accessed by my friends and i), however i'm very security oriented and decided that "member" areas should be protected by ssl. i've gotten ssl up and working just as it should be. my only problem is that since this is just a personal site i won't be purchasing a certificate. of course, this means i get the "splash security screen" warning me about the certificate being unsigned.

this is somewhat irritating, and i'm curious to know if there's a way to prevent that splash screen from appearing every time. perhaps installing the certificate in IE(or whatever browser), but i'm unsure of how to allow my users to do this.

suggestions? :-)
 
Old 02-26-2003, 08:34 AM   #2
Mik
Senior Member
 
Registered: Dec 2001
Location: The Netherlands
Distribution: Ubuntu
Posts: 1,316

Rep: Reputation: 46
I think it depends on the browser. With IE there is should be a button View Certificate which then shows the certificate in a seperate window. In that window there should also be a button to accept or install the certificate. You will have to do this for each browser that wishes to connect to the site though.
 
Old 02-26-2003, 08:45 AM   #3
Crashed_Again
Senior Member
 
Registered: Dec 2002
Location: Atlantic City, NJ
Distribution: Ubuntu & Arch
Posts: 3,503

Rep: Reputation: 57
Syncrm is your certificate unsigned or self-signed? I know that mine is self signed and when you navigate to my page in your browser it will pop-up and say that the certificate has been signed by an untrusted party.
 
Old 02-26-2003, 10:31 AM   #4
Syncrm
Member
 
Registered: Aug 2001
Location: Lansing, Michigan
Distribution: slackware8+
Posts: 472

Original Poster
Rep: Reputation: 30
yeah, i know how to install the certificate... i was just wondering if there was a way in perl/cgi or perhaps even javascript to save the certificate. oh well... it's not a big problem, i was just curious.

and it's a self-signed certificate.

on a separate note, does anyone happen to know if it's possible to redirect an entire directory? example: i have different docroot for ssl, and there's a directory that used to be under my normal docroot which now resides under ssl. i would like to have any users who attempt to access any document under this directory to be redirected to the secure server.

any suggestions on that one? :-)
 
Old 02-26-2003, 10:36 AM   #5
Crashed_Again
Senior Member
 
Registered: Dec 2002
Location: Atlantic City, NJ
Distribution: Ubuntu & Arch
Posts: 3,503

Rep: Reputation: 57
Oh you wanted it so that the users wouldn't get that little security advisory saying that the certificate is not signed by a recognized authority?
 
Old 02-26-2003, 10:45 AM   #6
Syncrm
Member
 
Registered: Aug 2001
Location: Lansing, Michigan
Distribution: slackware8+
Posts: 472

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by Crashed_Again
Oh you wanted it so that the users wouldn't get that little security advisory saying that the certificate is not signed by a recognized authority?
exactly.
 
Old 02-26-2003, 10:49 AM   #7
Crashed_Again
Senior Member
 
Registered: Dec 2002
Location: Atlantic City, NJ
Distribution: Ubuntu & Arch
Posts: 3,503

Rep: Reputation: 57
Yes I wish I could find a way to do that too because it freaks out a lot of people who don't understand digital certificates. One guy said to me last night, "What are you trying to give me a virus or something?"

I guess if we did find a way to get around this then it would be really bad for companies like VeriSign. I hear they have a free trial for signing certificates. Maybe I'll check that out.
 
Old 02-26-2003, 11:01 AM   #8
Syncrm
Member
 
Registered: Aug 2001
Location: Lansing, Michigan
Distribution: slackware8+
Posts: 472

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by Syncrm
on a separate note, does anyone happen to know if it's possible to redirect an entire directory? example: i have different docroot for ssl, and there's a directory that used to be under my normal docroot which now resides under ssl. i would like to have any users who attempt to access any document under this directory to be redirected to the secure server.
nevermind... a search on google answered my own question. sometimes i'm just way too lazy. but for those curious, here's the answer:

Redirect /service http://foo2.bar.com/service

apache config, of course.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ssl and verisign trail certificates helpme0904 Fedora 0 06-09-2005 04:57 PM
SSL certificates the-chains Linux - Software 0 11-15-2004 08:12 PM
ssl certificates champ Linux - Security 2 04-05-2003 10:47 AM
SSL Certificates and root authorities antken General 2 01-24-2003 11:55 AM
Multiple SSL Certificates Per IP Address dkochan Linux - General 1 03-05-2002 02:06 PM


All times are GMT -5. The time now is 10:44 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration