Some browsers don't exactly make it easy to import a self-signed server certificate. And browsers are actively moving against self-signed server certificates. Modern browsers (like the warez we're using in 2014/2015) want a certificate that chains back to a trust anchor, and they want DNS names to be presented in particular ways in the certificate. The restrictions arise in two key areas: (1) trust anchors, and (2) DNS names. The requirements used by browsers are documented at the CA/Browser Forums (see references below). It's difficult because the browsers have their own set of requirements, and they are more restrictive than the IETF. It can be tricky to create one that can be consumed by the largest selection of clients, like browsers and command line tools. It's easy to create a self-signed certificate. More information about MSYS_NO_PATHCONVĪm I missing something? Is this the correct way to build a self-signed certificate?. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |