Macrobyte Resources TLS
Transport Layer Security
for Radio UserLand and UserLand Frontier
Re: Success is browser dependent on OS X
Important News! UserLand Software Acquires TLS

TLS Site

Home
News

Getting Started with TLS

License Agreement
Releases
  Current
Licensing
  Production
  Evaluation

Technical Support:
  Search
  Recent Topics
  Recent Messages
  Ask a Question

See Also:
  Macrobyte Resources
  Conversant
  AttSearchEngine
  Formz
  Queue Suite
  RCSearch

Welcome!
Signup
Logon
Subscribe to email
Unsubscribe from email
Post Message



  
Subject Re: Success is browser dependent on OS X
Posted 4/2/2002; 7:48 PM by Seth Dillingham
Last Modified 4/2/2002; 7:48 PM by Seth Dillingham
In Response To Success is browser dependent on OS X (#17)
Label None. Read 652
<Previous Next> Thread: Edit Reply

On 4/2/02, Clark Venable said:

>Okay.  Got it up and running on a local Radio install.  Couldn't
>be easier.

Congratulations!

>At first, when I read that the script would generate the CSR, I
>assumed you meant that it would write to the file system the
>necessary files.  Your way is so much better!

Thanks, we hoped someone would think so.

>For MacOS X users who have Apache running on port 80, the
>hyperlink in the text to https://127.0.0.1/ will not work. Putting
>in the URL where the service is actually located does
>(https://127.0.0.:4443/, depending on whether or not you turned on
>port forwarding).

That was just a sample URL, but I guess that point wasn't made clearly enough. Sorry.

>Whether one can browse the site with an invalid certificate seems
>to depend on which browser on  is using.  Internet Explorer 5.1 on
>OS X throws an error dialog and does NOT allow you to browse the
>site. Mozilla 0.99 for OS X  (soon to be 1.0,  I hope) gave a
>dialog, but it can be dismissed the the site accessed. OmniWeb 4.1
>sneek peak  didn't even throw a dialog and just displayed the page.

Actually, it seems to depend on "just how invalid" the certificate is. IE is being more picky than the others are.

If you generate a CSR from TLS.root and then ask Thawte or Verisign to give you a free, 21-day test certificate, you'll see that it works just fine (even though the certificate's signature will still be unrecognized). This means that there's a bug in the self-signed certificates that TLS.root is generating.

If you'd like instructions for generating a CSR to get that free cert from Thawte or Verisign, let me know (anyone can ask, not just Clark, of course) and I'll post them here.

>As an aside, I just bought a Sharp Zaurus 5500.  Linux + Java PDA.
> In comes with Opera 5.0 (which is what sold me on it), which
>supports.....TLS 1.0!

Very cool.

Is it clear to everyone that "TLS" includes SSL? In other words, your device or software doesn't have to include support for TLS to work with this secure server. If it supports any sort of secure web server, it will probably work, because TLS is like, "SSL Plus".

(Brian probably won't like that over-simplifcation, but it's essentially true.)

Seth
<Previous Next> Thread: Edit Reply
ENCLOSURES

None.
REPLIES

RE: Success is browser dependent on OS X
4/3/2002 by Brian Andresen
On 4/2/2002 3:48 PM, Seth Dillingham <seth@macrobyte.net> wrote: >Is

Re: Success is browser dependent on OS X
5/22/2002 by Clark Venable
Seth, I think it would be worthwhile to fix the certificate problem for IE



 
© 2002 Macrobyte Resources. All rights reserved.