On 04/22/2013 10:36 AM, alex_at_imaginers.org wrote:
> This is working fine when using my self generated CA for signing the requests
Let's call this CA "selfCA".
> I want to get rid of the browser warning so I try to use a CA already
> recognized in the browser, what should be possible following this ticket:
> http://bugs.squid-cache.org/show_bug.cgi?id=3426 (already mentioned)
You may have misinterpreted what that bug report says. The reporter
placed his selfCA into the browser. The reporter did not use a CA
certificate from a well-known CA root in his signing chain -- it is not
possible to do that because you do not have the private key from that
well-known root CA certificate.
You should use selfCA as root CA of your signing chain and you have to
place that selfCA in the browser.
> If anyone has a running setup without importing the self-signed CA to all
> browsers please let me know.
It is not possible to bump traffic without importing your self-signed
root CA into all browsers. If it were possible, SSL would have been useless.
HTH,
Alex.
Received on Mon Apr 22 2013 - 17:05:55 MDT
This archive was generated by hypermail 2.2.0 : Tue Apr 23 2013 - 12:00:05 MDT