|Tim Allen on 10 Jul 2013 06:15:54 -0700|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|Re: [PLUG] https Certificates Question|
If you're worried about IE users, make sure you test in IE6/xp if possible as well. It may not be as up to date as far as having certs included, and there are sadly still a lot of users running it.
On 7/10/2013 8:34 AM, Mail List wrote:
On Wed, 10 Jul 2013 07:40:45 -0400, David Coulson <firstname.lastname@example.org>
On 7/10/13 7:35 AM, Mail List wrote:I'm writing a web application that will have personal data. The user will
I need to set up one of my apache web servers as a secure server withWhat is the business case for SSL? Not to say you do it no matter the
I'm wondering about the costs and potential pitfalls in doing so.
cost, but in general if you need SSL there is justification to pay for
log in with a password, and then enter data of a personal nature into forms
on the web page.
My user base will be very unsophisticated, so any type of scary
"certificate may not be valid" popup message would be unacceptable. I
don't care about the groovy logo, since that won't drive any sales revenue.
Basically, I need to safeguard customer's data, and make the safeguarding
transparent to them.
So I guess I'll start with a one of the free certificates (startssl.com or
comodo.com) and see how they work. If I don't get any scary maessages when
using IE, I'm probably good to go.
Thanks to all for the comments and help!
A quick web search has found that commercial certificates from the "bigCAcert isn't a universally trusted certificate authority, as they have
guys" are around $250/year. However, I see that CAcert offers
not gone through the same certification/auditing process as the large
commercial vendors. In general, I would never run anything production
using their certificates.
Can anyone point me to a good primer/reference for this, or let me knowI just buy certificates from Verisign (now Symantec). Maybe $500/yr for
how you fared establishing a secure web server?
a 'normal' cert, but never had any issues.
there is a smaller vendor - startssl.org - who offer free certificates,
but not sure how widely they are supported. Comodo keep trying to sell
me stuff, and they are pretty cheap - Think they got compromised a while
ago, so we've avoided them.
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug