SSL/TLS/Encryption questions

Hey Everyone.

I’m relatively new to Wildfire, but I now have a setup going with LDAP and vCard data working successfully – thanks to all the posts on this forum. I do have a couple of questions:

  1. How do I change the SSL certificate used for the admin interface? I want to add my own, “real certificate”, and I can’t seem to find out how/why.

  2. Why would I want to create/install a real cert for TLS use? I read the SSL guide and it says that a number of people will want to do this, but I’m not sure why. Doesn’t the client accept any cert when negotiating?

Hey jaga,

  1. I think that you have already read the documentation, but just in case, here is the SSL Guide that explains how to install new certificates. The admin interface uses the same certificates that are used for client and server connections.

  2. The main reason is that some clients do not accept certificates that are not trusted. One of the main points of using certificates is for clients to verify the identity of the server so there is no man-in-the-middle attack. Some clients give you the chance to select the action to follow when the certificate is not trusted, others just use the certificate (no matter its state), others perform some checks (e.g. not expired), and others perform all the checks (there are many checks), and if something is not correct then the certificate is rejected and the connection is not secured or even not able to be used.

Regards,

– Gato

Thanks for clarifying.