On Tue, Aug 25, 2009 at 11:38:08AM +1000, Les Bell wrote:
Can't you install your own root certificate into the internal client browsers? The book "Network Security Hacks" (Andrew Lockhart, O'Reilly) gives a procedure for doing this (p. 112). You generate a .der file from the cacert.pem file, add a new mime type in the Apache config and then make the pem and der files available on your server. The users can now install the new root cert by just clicking on a link.
If you're going to go through that much trouble for Firefox 3, you might as well just document how to add an exception to FF3 for self-signed certificates. :) (The above procedure might be helpful for other browsers where it may not be possible to add an exception as you can in FF3.)
--keith