David Coulson on 10 Jul 2013 04:46:35 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] https Certificates Question

On 7/10/13 7:35 AM, Mail List wrote:
I need to set up one of my apache web servers as a secure server with
https protocol.

I'm wondering about the costs and potential pitfalls in doing so.
What is the business case for SSL? Not to say you do it no matter the cost, but in general if you need SSL there is justification to pay for the cert.

A quick web search has found that commercial certificates from the "big
guys" are around $250/year.  However, I see that CAcert offers
for free.
CAcert isn't a universally trusted certificate authority, as they have not gone through the same certification/auditing process as the large commercial vendors. In general, I would never run anything production using their certificates.

Can anyone point me to a good primer/reference for this, or let me know
how you fared establishing a secure web server?

I just buy certificates from Verisign (now Symantec). Maybe $500/yr for a 'normal' cert, but never had any issues.

there is a smaller vendor - startssl.org - who offer free certificates, but not sure how widely they are supported. Comodo keep trying to sell me stuff, and they are pretty cheap - Think they got compromised a while ago, so we've avoided them.
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug