> > However, I still don't know about the empty /certs directory. Am I supposed
> > to copy /usr/local/src/openssl-0.9.7b/certs/ to /usr/local/ssl/certs? It
> > seems strange that the install script wouldn't have done that as well if it
> > were needed.
> 
> Well you copy the ones that are relevant to what you want to verify. Beware of
> copying the whole certs directory because it includes internal test CAs which
> have the private keys included in all versions of OpenSSL:
> that is anyone could create a certificate for them...
> 
> Steve.

I see. Thank you for the info and warning.

But your answer brings up yet another question :) Most people do not have
their own certificate, yet are able to do https transactions with secure web
servers. Does each browser have a default certificate it presents in this
case? And does that need to be verified? If so, how would I know which root
certs need to be available for such cases?

My apologies for being so ignorant. I've found it hard to jump from the
tutorials/how-to's which give a good overview, and the
openssl/apache/sendmail/qpopper (i.e. my entire requirements) docs which
cover all the details but assume I know more than I do. Anyone know of any
"tweener" resources? I am happy to read more :)

Thank you again,
Dann

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
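
An added example, not part of the original thread and not OpenSSL's own tooling: a check to run on a source certs directory before copying anything into a trust directory, flagging files that carry a private key next to the certificate, as the warning above describes for the internal test CAs. The function names, file names and sample directory are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Matches PEM header lines such as "-----BEGIN RSA PRIVATE KEY-----".
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)


def pem_labels(path):
    """Return the set of PEM block labels found in one file."""
    return set(PEM_BEGIN.findall(Path(path).read_text(errors="replace")))


def audit_cert_dir(directory):
    """Sort file names into cert-only, key-bearing, and non-certificate files."""
    result = {"cert_only": [], "has_private_key": [], "other": []}
    for path in sorted(Path(directory).iterdir()):
        if not path.is_file():
            continue
        labels = pem_labels(path)
        if any(label.endswith("PRIVATE KEY") for label in labels):
            # Anyone holding this key can issue certificates under this CA.
            result["has_private_key"].append(path.name)
        elif any(label.endswith("CERTIFICATE") for label in labels):
            result["cert_only"].append(path.name)
        else:
            result["other"].append(path.name)
    return result


def build_sample_dir():
    """Create a constructed directory; the PEM bodies are dummy text, not real keys."""
    root = Path(tempfile.mkdtemp())
    cert = "-----BEGIN CERTIFICATE-----\nZHVtbXk=\n-----END CERTIFICATE-----\n"
    key = "-----BEGIN RSA PRIVATE KEY-----\nZHVtbXk=\n-----END RSA PRIVATE KEY-----\n"
    (root / "public-ca.pem").write_text(cert)
    (root / "test-ca.pem").write_text("subject= constructed test CA\n" + cert + key)
    (root / "README").write_text("constructed sample directory\n")
    return root


if __name__ == "__main__":
    for group, names in audit_cert_dir(build_sample_dir()).items():
        print(f"{group}: {', '.join(names) or '-'}")
```

Only files reported under cert_only are candidates for copying, and of those only the ones relevant to what needs to be verified.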
