|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
|
|
#1
November 17th, 2005, 10:20 PM
|
|||
|
|||
|
Expired Certificate
I have an old Red Hat 9 system.
I use it as a file server. As a web server (Apache) it works too. But when I try to access it with https, I get these 2 (expected) warnings: 1. The security certificate has expired. 2. The name on the security certificate is invalid or does not match the name of the site. Yes, I have changed the name of the host. How do I update the certificate to take care of these? It is for personal use only so I assume I can update the certificate myself.
|
|
#2
November 19th, 2005, 10:45 AM
|
|||
|
|||
|
you must buy your own ssl certificate. Last time I checked they are around 70 to 700 US dollars. It depends on what it is going to be used for and the support of the certificate. If you want it to work with your subdomains than it gets really expensive.
Your data is still being encryptied with ssl it just isn't certified, so thats the error that you are reseving. But there is no way to get it for free, as far as i know. Someone may know more about it but I havn't ever heard of a way.
|
|
#3
November 21st, 2005, 01:53 AM
|
|||
|
|||
|
Self-generated and self-signed SSL Certs
Quote:
Self-generate your own SSL cert. Do you have OpenSSL installed on your redhat? 3 steps: 1. Generate your own private key 2. Generate a CSR (certificate-signing request). 3. Sign your own cert with own private key. Meaning, you process your own CSR. All you have to do is tell your friends and family (folks who surf your website) about the fingerprint of your key. Tell them over phone, if you don't want some tom-****-harry calling them to impersonate you. Tell them to check that the fingerprint (showing on their browsers) is correct, and tell them to add your cert to their "trusted list". Beyond that, they won't get a warning like "warning, cert not trusted by any CAs that you trust, blah blah". The idea behind a CA-signed cert is that a CA has TALKED to you and (somehow) VERIFIED you are who you claim to be (eg Neo, running domain matrix.com). All web browsers will have a list of well-known CAs. These browsers trust those well-known CAs. And through a "web of trust" (a single child link in this case), those browsers also automatically trust any certs "signed by" (vouched for by) those CAs. Jonathon
|
|
| Viewing: Dev Shed Forums > System Administration > Security and Cryptography > Expired Certificate |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
