Thread: SSL Questions!

    #1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2004
    Posts
    6
    Rep Power
    0

    SSL Questions!


    I installed SSL on my webserver. My question is,

    1) how do I disable the SSL confirmation dialog when everytime the client access to my page without clicking yes instead.

    2) I'm not using any 3rd party certificate, instead i'm using the default generate by the Certificate Services. Is it safe to use it? And why is that, I got this message from the client side "This CA Root certificate is not trusted". How do I enable it?
  2. #2
  3. I'm Baaaaaaack!
    Devshed God 1st Plane (5500 - 5999 posts)

    Join Date
    Jul 2003
    Location
    Maryland
    Posts
    5,538
    Rep Power
    244
    When you self-generate a certificate, there is no way to know if you are really who you say you are, which is why the popup shows. If you pay your bucks and get an 'official' certificate that can be traced back to one of the CA roots, then that popup should go away. This is one of the built-in security measures in an attempt to let users know if they are accessing a trusted site or not; not, of course, useful if the people ignore it anyway.

    The reason behind this is to try to block man-in-the-middle attacks where someone spoofs your web site, convinces people to log on to their site, then passes their data on to your site. Since the data would be 100% in the clear on the middle site, the encryption would be completely voided. This is a serious problem if you are a bank or some other highly sensitive organization, not so serious if you are just trying to keep people from snooping your packets.

    My blog, The Fount of Useless Information http://sol-biotech.com/wordpress/
    Free code: http://sol-biotech.com/code/.
    Secure Programming: http://sol-biotech.com/code/SecProgFAQ.html.
    Performance Programming: http://sol-biotech.com/code/PerformanceProgramming.html.
    LinkedIn Profile: http://www.linkedin.com/in/keithoxenrider

    It is not that old programmers are any smarter or code better, it is just that they have made the same stupid mistake so many times that it is second nature to fix it.
    --Me, I just made it up

    The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore, all progress depends on the unreasonable man.
    --George Bernard Shaw
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Posts
    8
    Rep Power
    0
    Doing a self signed certificate is not going to work out well for you and it will not make those dialog popups go away.

    "You can create, install, and use your own certificate (called a self-signed certificate) but it won't be trusted by anyone's browsers. In fact ugly popups or a warning page will be sure to deter visitors from proceeding onto your site."

    see http://answers.ssl.com/1861/wildcard-ssl-certificate for more details about ssl wildcard

IMN logo majestic logo threadwatch logo seochat tools logo