Re: DCM cert for Apache settings -- MIDRANGE-L

On 3/8/2017 12:35 PM, Nathan Andelin wrote:

Same with true for web services. Web service clients and servers don't
mess
with certificate authorities. Why do browsers?

Not sure that I agree that SMTP and Web Services don't care about CAs,
but...

Is that to say you're not sure you disagree? You know of any SMTP relays or
Web service clients rejecting self-signed certificates from their trading
partners?

Yes. If the client don't trust the certificate, self-signed or not, it
will be rejected. That's how SSL works.

Also, the terminology used is horrible which probably why Scott wasn't
quite sure of what you were saying.

Scott was referring to SMTP servers and HTTP servers that run web
services. You seem to be referring to clients of some sort.

"Web service clients and servers". That is VERY confusing.

Servers present the SSL certificate to clients. Clients then choose to
trust the signers of that certificate or not.

Bottom line, if the CLIENT doesn't trust the signer(s) of the SSL
certificate that is on the SERVER, it "should" fail.

I say "should" because there are ways to ignore the not trusted errors.

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.