[117333] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

delegating SSL certificates

daemon@ATHENA.MIT.EDU (travis+ml-cryptography@subspacefie)
Sat Mar 15 16:53:04 2008

Date: Mon, 25 Feb 2008 16:01:43 -0600
From: travis+ml-cryptography@subspacefield.org
To: Cryptography <cryptography@metzdowd.com>
Mail-Followup-To: Cryptography <cryptography@metzdowd.com>


--PuGuTyElPB9bOcsM
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

So at the company I work for, most of the internal systems have
expired SSL certs, or self-signed certs.  Obviously this is bad.

I know that if we had IT put our root cert in the browsers, that we
could then generate our own SSL certs.

Are there any options that don't involve adding a new root CA?

I would think this would be rather common, and I may have heard about
certs that had authority to sign other certs in some circumstances...
--=20
<URL:https://www.subspacefield.org/~travis/> Who Would Jesus Bomb?
For a good time on my email blacklist, email john@subspacefield.org.

--PuGuTyElPB9bOcsM
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (OpenBSD)

iQIVAwUBR8M6xmQVZZEDJt9HAQKj6w/9ElHLe4m+MPduPI1WqefmnQmelRpoWAqr
U8fJQO2wq+pfPx0p0cGGtB2NZJquqCT1mJtaZvgRECX6LSgQNkSd7oPbfIGutMUh
yuaUOozGVKaBRQZpHag6hGVLiRcDLe2zHl7qpf08yDQIs7UVqROMdWEUtmgIX7r1
jWmOgNALCUgMOPQcF2tR2aVDZ4A5WQGmFppgc2dFRj2TBq/ZSZaBQAhUtzO3HhNy
cwMzLRbIS+QCwk4s2khsMj5vJM5Uxard1vr2SPmzaPKfLWQVCcj7SDHKtkC78GFX
hjlZV0t9I7gxlBsD5LJRrWYREJtPlCQXsp1Os+zDxMYMwLzGycVfnUWEuh2BtAXS
cXzIEgMDSDRvHqOiM1wdn7wt7CzDx23kt+e9mGnQP2sgYpZC8bSDM9d2IQlpSaWQ
6pceX2w3Cn0ibs1VofCSlEeBO2BoKDlr2af9rTdX6ZGhxaMljrpX4X76sdeMggMQ
B2dQJa+LcK/+Sf8+3LycGoASIWiDKOEYn3BtsyssyGb59PjkhvzOyHivJAQRk9KQ
+LiqXt5Qv1bWEsnim9IfqkbKmuwwWCgWBD6LkoS7a50bHID2a09jg2N9VbZ30T18
NnqOBj22y2MX+BJoJ76fJt6r/52EJ+928EYr5qKMCJFj/68GBmCVRk+7rpj7PMCi
NMsyk2VW/VM=
=Dk95
-----END PGP SIGNATURE-----

--PuGuTyElPB9bOcsM--

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post