John R Pierce wrote:
> for self-signed certs, you first create a rootca, you can import the
> rootca public key/cert to your browser, by offering it as the proper
> mime type (I forget the specifics), once accepted into your browser,
> the browser will trust any certs created off that root, same as if
> they are signed by any of the 'commercial' CAs.. of course, if you
> do this, you need to keep your rootca private keys safe.
ok, I found my notes on this... you put your root-certificate.crt on a
webserver, and offer it via a link with mime-type application/x-x509-ca-cert