DEPRECATED
Very briefly...
Encyption commonly uses two keys:You can stop the irritating browser messages about unverifiable MSSL certificates by making your browser aware of the MSSL Certification Authority. This is what you do...First, a private (secret) key held in a file used to decrypt messages sent to you.
Secondly, a public key which is distributed in a "Certificate file" which allows people to encrypt messages to you. The certificate includes the name of its owner (or a service).
Certificates are digitally "signed" (validated) by a Certification Authority (CA) whose name is also included on the certificate. Browsers which recognise the CA can verify the signature on that Certificate,
Browsers which do not recognise the CA will generate lots of irritating messages. You will see these increasingly as services make use of encryption.
If needed, this is available in human-readable (X.509) form and in encoded form (PEM). It has this fingerprint .
Save the MSSL CA certificate. to a local file (right click; save link target), remembering the local file name and location.
In Mozilla Thunderbird (or Mozilla Firefox), go to Tools:Options
Select 'Manage Certificates'.
Press the 'Authorities' tab then press 'Import'.
Select the local file containing the MSSL CA certificate.
Select all the trust options and press OK three times.
Save the MSSL CA certificate. to a local file (right click; save link target), remembering the local file name and location.
In Mozilla, go to Select Edit:Preferences and expand 'Privacy & Security'.
Select 'Certificates' then Manage Certificates'.
Press the 'Authorities' tab then press 'Import'.
Select the local file containing the MSSL CA certificate.
Select all the trust options and press OK three times.
Adding the MSSL Certification Authority to Outlook (Windows 98)
Save the MSSL CA certificate. to a local file (right click; save target as), remembering the local file name and location.
In Outlook go to Tools:Options.
Press the 'Security tab' then select 'Digital IDs' to enter the certificate manager.
Press 'Trusted Root Certification Authorities' tab then press 'Import'.
Select the local file containing the MSSL CA certificate and press 'Next'
Select 'Finish' and accept the certificate
Close the certificate manager.
Adding the MSSL Certification Authority to Outlook (Windows 2000)
Save the MSSL CA certificate. to a local file (right click; save target as), remembering the local file name and location.
In Internet Explorer go to Tools: Internet Options.
Press the 'Contents' tab then select 'Certificates'
Press 'Trusted Root Certification Authorities' tab then press 'Import'.
Select the local file containing the MSSL CA certificate and press 'Next'
Select 'Finish' and accept the certificate
Close the certificate manager.
Adding the MSSL Certification Authority to Unix
Find the location of the SSL certificates (try /usr/local/ssl/certs/ or /usr/share/ssl/certs/ or /etc/pki/tls/certs); cd to there.
Obtain copies of the the MSSL certificate in x.509 form (MSSL_signing_certificate.crt.x509.txt) and in PEM encoded form (MSSL_signing_certificate.pem.
Makes SSL aware of the MSSL Certification Authority
cat MSSL_signing_certificate.crt.x509.txt MSSL_signing_certificate.pem >> ca-bundle.crtNote the above is an append.
chmod o+r MSSL_signing_certificate.pem ca-bundle.crt
To accommodate those utilities (e.g. pine) which access this certificate via a hash (use sh or bash)
CERT=MSSL_signing_certificate.pem
ln -s $CERT `openssl x509 -noout -hash < $CERT`.0
Shell beginners should note carefully the syntax here: the command between backquotes is executed and the output substituted. Here the hash evaluates to 8e50763e
Check that 8e50763e.0 (or whatever) is a softlink to MSSL_signing_certificate.pem