[Zope] - Comments on SSL issues

Jeff Bauer jeffbauer@bigfoot.com
Mon, 14 Dec 1998 12:25:18 -0600


> OK, one other thing that just struck me regarding SSL 
> issues, at least in the HTTP world... Verisign won't 
> issue a server sert (x.509) for just "any" server, it 
> has to be examined and approved (Apache finally got
> this), I believe Thawte Consulting, while more freewheeling,
> is also in a similar case.  The reality is, you have to
> have a cert from someone who is pre-registered as a root
> server, or you're going to confuse your users.... sad 
> but true.

Thawte will issue a type of certificate that can be used
on any server on your domain  (in addition to server
certificates).  Netscape accepts this type of certificate,
but Microsoft Internet Explorer doesn't AFAIK.

For testing purposes, we've issued our own certificates
and dropped in Verisign or Thawte certificates afterwards.

Regards,

Jeff Bauer
Rubicon, Inc.