author | Heikki Toivonen <heikki@heikkitoivonen.net> | 2008-10-01 03:32:33 +0000 |
---|---|---|
committer | Heikki Toivonen <heikki@heikkitoivonen.net> | 2008-10-01 03:32:33 +0000 |
commit | 826236a7926b19efad4f29d1a65d132a57a1c486 (patch) | |
tree | cfccb099580fe1bc6f0d0da331a6c59f505c83b6 /doc | |
parent | 17694facc0fce05b6b59ef431fb14e18fb6353f8 (diff) | |
download | m2crypto-826236a7926b19efad4f29d1a65d132a57a1c486.tar.gz |
Add mention where to get CA certs from.
git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@632 2715db39-9adf-0310-9c64-84f055769b4b
Diffstat (limited to 'doc')
-rw-r--r-- | doc/howto.ssl.html | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/doc/howto.ssl.html b/doc/howto.ssl.html index e041641..340f264 100644 --- a/doc/howto.ssl.html +++ b/doc/howto.ssl.html @@ -120,7 +120,7 @@ NAME="history" > -<DIV CLASS="SECT1"> +<DIV CLASS="SECT1" id="secure" name="secure"> <H1 CLASS="SECT1">Secure SSL</H1> <p>It is recommended that you read the book Network Security with OpenSSL by John Viega, Matt Messier and Pravir Chandra, @@ -145,7 +145,12 @@ weaknesses) and sets the allowed ciphers to secure ones.</p> and requires the server to send a certificate. The depth parameter tells how long certificate chains are allowed - 9 is pretty common default, although probably too long in practice.</p> -<p>The third line loads the allowed root (certificate authority) certificates.</p> +<p>The third line loads the allowed root (certificate authority or CA) certificates. +Most Linux distributions come with CA certificates in suitable format. You +could also download the <a href="http://mxr.mozilla.org/seamonkey/source//security/nss/lib/ckfw/builtins/certdata.txt?raw=1">certdata.txt</a> +file from the <a href="http://www.mozilla.org/projects/security/pki/nss/">NSS</a> +project and convert it +with the little M2Crypto utility script <a href="http://svn.osafoundation.org/m2crypto/trunk/demo/x509/certdata2pem.py">demo/x509/certdata2pem.py</a>.</p> <p>The fourth line creates an SSL connection object with the secure context.</p> |
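Review bot: in the first hunk (@@ -120,7 +120,7 @@), `name="secure"` on the `<DIV CLASS="SECT1">` is not a valid attribute for DIV in HTML 4, and the context line above it shows this file already marking anchors with `NAME="history"` on another tag. `id="secure"` alone is enough as a fragment target; if older browsers matter, add an anchor element in the file's existing `NAME=` style rather than putting `name` on the DIV. The new attributes are also lowercase while the rest of the tag uses uppercase (`CLASS`), so matching the case would keep the file consistent.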
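Review bot: in the second hunk (@@ -145,7 +145,12 @@), the added paragraph points readers at plain `http://` URLs for both certdata.txt and demo/x509/certdata2pem.py, so the root certificates this section relies on for verification, and the script that converts them, would be fetched over an unauthenticated channel. Link to https locations where the hosts offer them, or tell the reader to check the downloaded file against a trusted copy before loading it as the CA list. The certdata.txt URL also contains a doubled slash (`source//security`), and "in suitable format" would be more useful if it named the format and a typical location, so the reader knows what to pass on the third line.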