|
|
发表于 2005-10-24 05:11:44
|
显示全部楼层
Post by zaiwen
First, about apachessl start, I did some tests and yongjian is correct: you don't need to use apachectl startssl to start the SSL http server. When you start httpd, it will start the SSL portion of it too.
However, I am still very confused with the key and cert files.
cxfxcf says, "i think it's not need to transfer a key to client site; i have tested it with outlook".
If you don't need to transfer a key or cert to client site, how could the key and certificate be verified? When you connect from the client to the server? (maybe silly questions 
I tested both imaps and https from windows clients.
跳出ssl提醒框。。2个选项都是不安全, except date.
But after I viewed the certificate and installed it into the window's store, I don't get ssl提醒框 any more....
Yongjian, could you please explain the whole logic of ssl key and certificate files about imaps and https for us? I will check this posting anxiously....waiting for you.....
Sorry I am not an expert on SSL, so I did some research. Looks like you don't necessary need to manually install the cert locally but you certain can do that if you want. The client and server will do some handshakes to negotiate what method they will use to communicate during the session and it includes choosing the cipher algorithm and verify the cert. If it is successfully, the client will store the cert. Manually install can be done such as this: open your browser and do https://your.mail.server:993/
Reference:
1. http://wiki.dovecot.org/moin.cgi/ChainedSSLCertificates
2. http://en.wikipedia.org/wiki/Secure_Sockets_Layer
3. http://www.knowplace.org/imaps.html
4. http://www.seifried.org/security ... imap_pop_linux.html |
|
IP卡
狗仔卡
显身卡
楼主