[indiana-discuss] security fixes in /release

[Shawn Walker]

Andras Barna wrote:
> it's https:// (s)
> + it cant be viewed from browser
> you need to register @ pkg.sun.com/register

It can be viewed from a browser once you import the certificate you 
obtain from pkg.sun.com/register.

Here's what you do:

openssl pkcs12 -export -in extras.certificate -inkey extras.key -out 
extras.p12

Then, when prompted, choose a password to protect the new certificate 
(or just press enter twice to not have one -- though that isn't 
recommended).

Then, in FireFox:

1) go to edit -> preferences -> advanced -> encryption

2) click "View Certificates"

3) click "Your Certificates"

4) click "Import"

5) find and open extras.p12

6) enter the password for the certificate (just click ok if it doesn't 
have one)

7) click ok, close the preferences dialog and cert manager, and you're done

Now you can access https://pkg.sun.com/opensolaris/extra/  (note the 
slash at the end!).  This conversion process is required because 
browsers generally expect ssl certificates in a different format 
(pkcs12) than they are commonly generated in (PEM-encoded).

You'll notice that FireFox will ask you every time you visit the site 
which cert you want to use to authenticate.  If you don't like that:

1) go to edit -> preferences -> advanced -> encryption

2) Under "When a server requests my personal certificate" click "Select 
one automatically".

3) click close

Now it should only prompt you one more time (or not at all).

Cheers,
-- 
Shawn Walker