On Mon, 14 Feb 2005, Zohar wrote:
I am only interested in the data being encrypted. I tried setting this up, but the client complains that my server certificate cannot be authenticated (I produced it using http://www.stunnel.org/pem/). Any pointers on how to set such a thing up (even for the time being, while I develop), without having to pay lots of money to a CA?
This is the infamous 'browser-popup' problem: the 'CA' that signed your server's certificate (in your case most likely a self-signed certificate but that's the same problem) is not recognized by your clients.
As in: the client receives the server certificate, tries to verify it against its repository of 'trusted CAs' and sees it can't do that. And then generates the warning.
There are two ways to get rid of the message:
- get a server-certificate from a CA that is trusted by the clients; if you only care about the encryption and just want to get rid of the popup get a server-cert at http://www.freessl.com/, it will be ~40 euros.
- install the CA certificate that issued your server-cert (or your server-cert itself) in all connecting clients
In your situation the first option might be cheapest.
Jan
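
The second option from the reply above, as an added example that is not part of the original thread: a self-signed server certificate fails the client's chain check until the certificate itself is placed in the client's trust store. The host names, file names and the stand-in "trusted CA" are constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration; host names and file names are constructed placeholders.

# Create a throwaway self-signed certificate.
# $1 = common name, $2 = private key output, $3 = certificate output
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$1" -keyout "$2" -out "$3" 2>/dev/null
}

# Do what a client does on connect: try to chain the server certificate ($1)
# to an entry in its trust store ($2). Returns 0 only if the chain verifies.
client_trusts() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_selfsigned server.example.test "$d/server.key" "$d/server.crt"
    # Stand-in for the client's existing list of trusted CAs.
    make_selfsigned some-public-ca.example.test "$d/ca.key" "$d/trusted.pem"

    if client_trusts "$d/server.crt" "$d/trusted.pem"; then
        echo "before install: trusted"
    else
        echo "before install: not trusted (the client warns here)"
    fi

    # Option 2: add the server certificate itself to the client's trust store.
    cat "$d/server.crt" >> "$d/trusted.pem"

    if client_trusts "$d/server.crt" "$d/trusted.pem"; then
        echo "after install: trusted"
    else
        echo "after install: still not trusted"
    fi
    rm -rf "$d"
}

demo
```

The trust store file has to reach each client over a channel you already trust, since whoever can alter it decides which server certificates the client accepts.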