Re: https can;t be good for work

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2007-09-21 at 22:50 +0800, edwardspl@xxxxxxxxxx wrote:
> So, what mistake about the config ?
> 
> Remark : The ssl is self-signed SSL Certificate, and the Web Server
> come with FC6 System.

A self-signed certificate is not verifiable by other people.  There's no
third-party countersigning it to say that it's not forged.  So it's
always regarded as being invalid.  To use a self-signed certificate each
user has got to make a personal decision to trust it, without anything
to bolster that decision.  Unlike how counter-signed certificates are
usually handled by the browser - if it's signed by something it's
pre-programmed to trust, like Verisign, it accepts it without
questioning the user.

Another problem is that your self-signed certificate is for the
localhost (the machine, as it sees itself, just the same as you might
refer to yourself as "me" when you look in the mirror).  This isn't the
address that other people access you by, so it is a false certificate to
them.

If you want to use a self-signed certificate, despite the prior
information about it not being verifiable, then you need to generate a
new one using the exact same fully-qualified domain name that your HTTPS
site will be accessed through.

i.e. If it's accessed as https://www.example.com then the certificate
must be for www.example.com, not just example.com, nor any other
variation.

-- 
[tim@bigblack ~]$ uname -ipr
2.6.22.5-76.fc7 i686 i386

Using FC 4, 5, 6 & 7, plus CentOS 5.  Today, it's FC7.

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.



-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux