× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 2020

Re: Apache http ssl certificate - export

thanks jack, i ran the command again and I see it just "shows" and does not
"generate"...
I took a much better look this time than just rushing into copy/paste the
certificate out...

Funny, i do see that the certificate is the one I created in DCM.
THANK YOU! I'm a command line guy myself and that gui navigation sucked to
find this info.

so i'm particular interested in this...

Verification error: self signed certificate in certificate chain

Doesn't sound good... I also recall postman reporting this also during my
testing... what does this mean?

And why do you keep referring to the "private key"...
in an sftp ssh authentication, the server holds the private and you give
your public key out... you never give the private out.??
I have only mentioned public key... not private key.

Jay


On Tue, Apr 28, 2020 at 3:30 PM Jack Woehr <jwoehr@xxxxxxxxxxxxxxxxxxxxxxxx>
wrote:

On Tue, Apr 28, 2020 at 1:04 PM Jay Vaughn <jeffersonvaughn@xxxxxxxxx>
wrote:

handing a generated cert
from PASE to my consumer doesn't really leave me with that warm fuzzy. :)
but thanks!


It's not generated from PASE. It's just shown to you by the application
openssl.
I just suggested openssl as an easy way to grab a transportable form of the
cert.
You can export it from DCM, too.
I think you need to read up on SSL, TLS and HTTPS.
The only thing your *server cert* does is assert "I am me".
The *client* will only believe that assertion in one of two cases:

1. The cert is signed by a CA which leads in a chain of CAs to some CA
the *client* already possesses a cert for.
2. You add the *server*'s cert manually to the *client*'s trust store
and tell it, "THOU SHALT ACCEPT THIS FOR WHAT IT CLAIMS TO BE!"

That's it. If you pass around the private key the server cert was signed
by, anyone can fake your server cert that you already gave to your clients.

--
Jack Woehr
Absolute Performance, Inc.
12303 Airport Way, Suite 100
Broomfield, CO 80021

NON-DISCLOSURE NOTICE: This communication including any and all
attachments is for the intended recipient(s) only and may contain
confidential and privileged information. If you are not the intended
recipient of this communication, any disclosure, copying further
distribution or use of this communication is prohibited. If you received
this communication in error, please contact the sender and delete/destroy
all copies of this communication immediately.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.