httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From domi <Ketteltas...@web.de>
Subject Re: [users@httpd] Problem with revoked certificates.
Date Sun, 04 Feb 2007 15:36:51 GMT


Issac Goldstand wrote:
> 
>> Issac wrote:
> 
> Domi,
>   I'm happy it helped.  You can change your opinion any time you like; 
> just access Firefox's certificate store and you can view the 
> certificates you've chosen to trust, and the revocation lists.  If you 
> don't want to continue trusting a cert, based on what you see in the 
> CRL, or for any other reason, take it out of the trusted certificates
> list.
> 
>   By "trusting" the cert in the browser in the first place, you're 
> essentially telling the browser to ignore normal rules and depend on you 
> (as the human user) to determine the certificate's validity and 
> authenticity. 
> As the browser has no way of knowing why you know the certificate is 
> safe in the first place, it makes no assumptions for you as to when to 
> stop trusting it. 
> 
>   Issac
> 
> 

Hello Issac,
I just thought about it and tested a bit (before reading your last message).
I think that I made the mistake trying to access the site before importing
the CA certificate into my browser. So the browser asks me whether to trust
the certificate of my site. When I import the CA certificate in the
forefront of accessing the site the browser this question won’t come later.
I think I’ll stop here for today because I was busy on this for quite a long
time and my head feels a bit dizzy.
Tomorrow morning I’ll continue here and let you know about my progress.
All comments are welcome in the meanwhile.

best regards domi

PS: Again my thank to Issac. By the way you wrote
<You can change your opinion any time you like; just access Firefox's
certificate store and you can view the 
<certificates you've chosen to trust, and the revocation lists.
Where is this store or do you mean what you see under
settings-advanced-encryption in the browser? But I'm not able to see the
details of the CRL or is this possible?
An answer would be nice because (as I said) I'm too dizzy to search.
Otherwise I will search tomorrow one my own.


-- 
View this message in context: http://www.nabble.com/Problem-with-revoked-certificates.-tf3169656.html#a8793797
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message