[Dshield] 0wnlng Windows machines
tonni at hetnet.nl
Mon Feb 26 06:13:29 GMT 2007
Stasiniewicz, Adam wrote, on 26. feb 2007 05:27:
> Glad it made sense. As for the certificate errors, I see them both in IE 7
> and FireFox 22.214.171.124 on both the p0f and Webmail sites. Both present the
> same error: the certificate is not issued by a trusted root CA (which is
> inline your description of the server's configuration). IE 7 has changed
> the way in reports certificate errors since IE 6 so maybe that is what Allen
> is seeing. But once I acknowledge the warning, both browsers will let me
> see your site.
> As of why your users don't see it, your Windows admin could use GPOs to
> automatically configure trusts for all your internal certificates on your
> internal computers.
Thanks to all who answered and especially Stuart for the helpful
explanation of the IE7 certificate phenomenon.
I have FF 126.96.36.199 on Linux, decided to remove the Barlaeus cert from my
store and retry the url. FF said only that there was a cert that wasn't
trusted and asked me what I wanted to do - stop, install for the session
or install permanently - no hassle. I presume that the behavior shown by
the Windows FF version conforms with certificate Windows policy.
FWIW use https not for certified authentication, but purely to encrypt
all traffic between the site and the client; it is webmail, after all.
We insist on 128 bits or better encryption to ensure a minimum of
protection against cracking connections - some older browsers can't cope
Email: tonni at hetnet dot nl
More information about the list