Security Basics mailing list archives
Re: ... may be a dumb question ?
From: ossinfo () osschicago com
Date: Mon, 5 Jan 2004 12:16:35 -0600
Try this content management system, there is a demo on their site, i use this for creating secure areas and for "non-techie's" its very simple for them to publish content using the system. http://www.plainblack.com The product is called WebGUI Good Luck! Tiffany Open Source Software Chicago http://www.osschicago.com ossinfo () osschicago com Jimi Thompson <jimit@myrealbox. To: Michael Gale <michael () bluesuperman com> com> cc: security-basics () securityfocus com Subject: Re: ... may be a dumb question ? 01/04/2004 11:51 PM Michael Gale wrote:
Hello, I have a question, I want to make a secure web site for me and
a few
people. So this is my crazy design. I setup Apache with PHP and am using mod_ssl. I created my own CA on a linux box. I then created a CSR for the web server and signed it with my CA. Now I give all the people I want to have access to the site my ca.crt and they import it into their browser. So now there browser will accept my site's cert :) with out the warning. Now if they are running a linux / unix box I can have them create a CSR and have my CA sign it. Then they can import that cert into their browser. Now if I understand it correctly when the client accesses my site the server and client will exchange certs and trust each other :) unless I add the user to the CRL. The rest of the traffic will be over SSL ... so is this a secure way of allows access to a directory ? Do you see any problems ?
Your URL's must all be https:// & not http:// HTH, Jimi --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- Re: ... may be a dumb question ? Jimi Thompson (Jan 05)
- <Possible follow-ups>
- Re: ... may be a dumb question ? ossinfo (Jan 05)