| 1 |
On Thursday 03 Apr 2014 22:38:05 Mick wrote: |
| 2 |
|
| 3 |
> If you examine the X509 structure, you will see a field like this: |
| 4 |
> |
| 5 |
> X509v3 Basic Constraints: |
| 6 |
> CA:TRUE |
| 7 |
> |
| 8 |
> If it were an intermediate certificate it would say: |
| 9 |
> |
| 10 |
> X509v3 Basic Constraints: |
| 11 |
> CA:FALSE |
| 12 |
> |
| 13 |
> This is what your browser is warning you about. |
| 14 |
|
| 15 |
It was actually a warning in /var/log/apache2/ssl_error_log. |
| 16 |
|
| 17 |
--->8 |
| 18 |
|
| 19 |
> In any case, unless you obtain a certificate which has been signed by a CA |
| 20 |
> that is included in the default browser root CA certificates, random |
| 21 |
> visitors are bound to get a browser warning about the CA that issued the |
| 22 |
> certificate not being recognised as a trusted root CA by the browser. |
| 23 |
> |
| 24 |
> If they are instructed by you to accept said certificate as a trusted root |
| 25 |
> CA in their browser, then the problem will go away as long as they are |
| 26 |
> using the same browser on each visit. |
| 27 |
|
| 28 |
That's the sort of thing I was concerned about. Now, after following Alan's |
| 29 |
advice, I get a warning from my browser (Firefox or Opera) that the certificate |
| 30 |
is self-signed, but for my own purposes I can live with that. |
| 31 |
|
| 32 |
-- |
| 33 |
Regards |
| 34 |
Peter |
Archives