1 |
On Thursday 03 Apr 2014 22:38:05 Mick wrote: |
2 |
|
3 |
> If you examine the X509 structure, you will see a field like this: |
4 |
> |
5 |
> X509v3 Basic Constraints: |
6 |
> CA:TRUE |
7 |
> |
8 |
> If it were an intermediate certificate it would say: |
9 |
> |
10 |
> X509v3 Basic Constraints: |
11 |
> CA:FALSE |
12 |
> |
13 |
> This is what your browser is warning you about. |
14 |
|
15 |
It was actually a warning in /var/log/apache2/ssl_error_log. |
16 |
|
17 |
--->8 |
18 |
|
19 |
> In any case, unless you obtain a certificate which has been signed by a CA |
20 |
> that is included in the default browser root CA certificates, random |
21 |
> visitors are bound to get a browser warning about the CA that issued the |
22 |
> certificate not being recognised as a trusted root CA by the browser. |
23 |
> |
24 |
> If they are instructed by you to accept said certificate as a trusted root |
25 |
> CA in their browser, then the problem will go away as long as they are |
26 |
> using the same browser on each visit. |
27 |
|
28 |
That's the sort of thing I was concerned about. Now, after following Alan's |
29 |
advice, I get a warning from my browser (Firefox or Opera) that the certificate |
30 |
is self-signed, but for my own purposes I can live with that. |
31 |
|
32 |
-- |
33 |
Regards |
34 |
Peter |