Two questions (perhasp I should have split this)
#1 When I look at Thawte or VeriSign certs that a server has there is a heirichy, Thawte then Me or VeriSign then Me.
Well I made my on CA and signed some certs but they don't have the heirichy like the commercial ones. What gives? Do I
need to make a root CA, then another CA signed by root then sign the certs with the second one?
#2 In this hypothetical situation how would someone break in or view the data transmitted?
Hardend Linux/Apache system with only port 443 open in a secure facility (please assueme that hardend means everything
you, dear reader, would do to secure a box). Now this Apache server is configured only to accept connections from
clients who present a certificate signed by the CA in #1 above. If the client is not signed I generate and securely
transmit a cert to the client and then open the network to their IP.