self-signed ssl keys

Hello,
I've got a site that uses self-signed keys for ssl encryption. Everytime
user's go to it they get a dialog that asks them if they want to trust the
key. I was wondering if there was a way to make the self-signed key trusted
and if so if apache could serve it?
Thanks.
Dave.

"dave" <dmehler26@woh.rr.com> writes:
> I've got a site that uses self-signed keys for ssl encryption. Everytime
> user's go to it they get a dialog that asks them if they want to trust the
> key. I was wondering if there was a way to make the self-signed key trusted
> and if so if apache could serve it?

I don't understand quite what you're asking. Yes, the user can
configure his browser to trust the self-signed cert. The web site can
also generate its own signing (CA) cert, and the user can configure
his browser to accept all site certs signed by the signing cert. For
example, a company or university might run its own CA and configure
all browsers inside the company or campus to trust that CA.

If you want random public users to be able to visit the site without
getting a cert dialog, you have to buy a cert. The cheapest ones I
know of ($20/year last time I looked) are freessl certs resold by
www.ev1servers.net. They work in most browsers, but not quite as many
as some of the more expensive certs do. Visit the ev1servers site and
scroll to the bottom of the page, and there should be a button there
to buy a cert.

There was a story recently on slashdot.org that talked about a company that
issues free certs.



"dave" <dmehler26@woh.rr.com> wrote in message
news:y%JFc.182792$DG4.49746@fe2.columbus.rr.com...
> Hello,
> I've got a site that uses self-signed keys for ssl encryption.
Everytime
> user's go to it they get a dialog that asks them if they want to trust the
> key. I was wondering if there was a way to make the self-signed key
trusted
> and if so if apache could serve it?
> Thanks.
> Dave.
>
>

"Sebastien B." <sebastien@nospam.nospam> writes:
> There was a story recently on slashdot.org that talked about a company that
> issues free certs.

Those free certs aren't recognized by any browsers unless you first
import that CA's signing certificate into the browser. You can generate
certs like that yourself just as easily.

On Sun, 4 Jul 2004, dave wrote:
> Hello,
> I've got a site that uses self-signed keys for ssl encryption. Everytime
> user's go to it they get a dialog that asks them if they want to trust the
> key. I was wondering if there was a way to make the self-signed key trusted
> and if so if apache could serve it?

Yes. It is done by having the user download a self-signed certificate that is
used to sign your other certificate(s). There are (or were) web pages that
explain how to do this.