[clue-tech] CAcert issues
David Anselmi
anselmi at anselmi.us
Sat Apr 2 16:36:04 MST 2005
Angelo Bertolli wrote:
[...]
> I just looked at it and CACertificateFile is equal to CertificateFile.
> So, I don't know what that means.
It means you're a d-i-y CA and you're using the CA root certificate for
your server certificate. Since the two are the same you can't expire or
revoke the server cert without doing the same to the CA.
Practically, if you did this for 100 web sites I'd have to tell my
browser to trust each cert individually. If you had made a separate CA
cert and signed your server cert with that, I could add the CA cert to
my browser's trust list and it would trust the 100 server certs
automatically.
Dave
More information about the clue-tech
mailing list