httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Issac Goldstand <mar...@beamartyr.net>
Subject Re: 2.2.4 windows binary w/ssl?
Date Wed, 10 Jan 2007 20:17:59 GMT
I think the MSI should autogenerate a self-signed cert at least (last
thing we need is for people to deploy a static pre-distributed cert
which would make it that much easier to do man-in-the-middle attacks).

Would be great if the MSI had a choice to use an existing cert, or
generate a new one with a user supplied DN (fill-in fields for CN, OU, O
, L, ST, C), and generated a self-signed cert with that + a .csr for
sending to a Trusted Third-Party for signing.

Would also be great if there was some GUI for importing a signed cert
post-install, similar to the IIS wizard, but that's probably pushing it.

Just my $0.02,
  Issac

William A. Rowe, Jr. wrote:
 > A final question for all, do we wish to install an arbitrary, on the
fly self
> signed default.crt/default.key?  Do we want to help them fill out the details
> or use stock details?  Or do we want them to use openssl.exe to generate one
> for themselves?

Mime
View raw message