NAKAMURA, Hiroshi wrote:
> Hi,
> 
> 
>>From: "Joel VanderWerf" <vjoel / PATH.Berkeley.EDU>
>>Sent: Wednesday, January 14, 2004 5:06 PM
> 
> 
>>[false, "unable to get local issuer certificate"]
>>[false, "certificate not trusted"]
>>[false, "unable to verify the first certificate"]
> 
> 
>>I'm a little worried about those messages. Do I have to generate some 
>>site certificates myself? It looks like the server is using the 
>>"sample.key" and "sample.crt" certificate. (I'm an ssl newbie.)
> 
> 
> Yes.  There's no point in SSL without secure key management and
> correct certificate usage.  It's just a slow connection.

I understand.

> Maybe, the next issue might be "how to generate key and certificate"
> -> "how to create CA (certificate authority)" -> "how to setup
> drbssl client/server with key/certificate".  If you are really a
> ssl newbie (sorry), it's rather a long road.  Do you really need
> SSL?

Well, maybe not. In my distributed app, users have passwords that they 
use in their drb clients to access their own data in the server. The 
data itself is not critical, though, so a stolen password is not the end 
of the world (and the server itself will be SAFE enough not to do any 
harm). I was hoping SSL would be easy to plug in to drb, and generating 
keys would be as easy as it is for SSH (maybe it is?).

> I'll be able to post setup log of this tomorrow or the next if you
> want.  Though I've not used drb with ssl yet.

Only if you feel like it, NaHi. But I have a feeling the next step is 
for me to read the openssl man page....