× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Self signed certificates are issued by you, not by a trusted certificate authority. Almost all systems will issue that warning to be sure you realize that you are using a certificate that is not verified by a third party.

As for the keys, SSL is nothing like SFTP and SSH. SFTP uses SSH and they CAN use a key based authentication. SSL has nothing to do with authentication. SSL is strictly encryption.

Brian May
Director
Pre-Sales and Customer Solutions
Profound Logic Software
http://www.profoundlogic.com
937-439-7925 Phone
877-224-7768 Toll Free
  

UI Modernization. And More!

www.profoundlogic.com
      

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Jay Vaughn
Sent: Tuesday, April 28, 2020 2:36 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Apache http ssl certificate - export

thanks jack, i ran the command again and I see it just "shows" and does not "generate"...
I took a much better look this time than just rushing into copy/paste the certificate out...

Funny, i do see that the certificate is the one I created in DCM.
THANK YOU! I'm a command line guy myself and that gui navigation sucked to find this info.

so i'm particular interested in this...

Verification error: self signed certificate in certificate chain

Doesn't sound good... I also recall postman reporting this also during my testing... what does this mean?

And why do you keep referring to the "private key"...
in an sftp ssh authentication, the server holds the private and you give your public key out... you never give the private out.??
I have only mentioned public key... not private key.

Jay


On Tue, Apr 28, 2020 at 3:30 PM Jack Woehr <jwoehr@xxxxxxxxxxxxxxxxxxxxxxxx>
wrote:

On Tue, Apr 28, 2020 at 1:04 PM Jay Vaughn <jeffersonvaughn@xxxxxxxxx>
wrote:

handing a generated cert
from PASE to my consumer doesn't really leave me with that warm
fuzzy. :) but thanks!


It's not generated from PASE. It's just shown to you by the
application openssl.
I just suggested openssl as an easy way to grab a transportable form
of the cert.
You can export it from DCM, too.
I think you need to read up on SSL, TLS and HTTPS.
The only thing your *server cert* does is assert "I am me".
The *client* will only believe that assertion in one of two cases:

1. The cert is signed by a CA which leads in a chain of CAs to some CA
the *client* already possesses a cert for.
2. You add the *server*'s cert manually to the *client*'s trust store
and tell it, "THOU SHALT ACCEPT THIS FOR WHAT IT CLAIMS TO BE!"

That's it. If you pass around the private key the server cert was
signed by, anyone can fake your server cert that you already gave to your clients.

--
Jack Woehr
Absolute Performance, Inc.
12303 Airport Way, Suite 100
Broomfield, CO 80021

NON-DISCLOSURE NOTICE: This communication including any and all
attachments is for the intended recipient(s) only and may contain
confidential and privileged information. If you are not the intended
recipient of this communication, any disclosure, copying further
distribution or use of this communication is prohibited. If you
received this communication in error, please contact the sender and
delete/destroy all copies of this communication immediately.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: https://amazon.midrange.com

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.