Lee H. Marzke on 10 Jul 2013 08:14:10 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] https Certificates Question


I don't think the free certs are recognized widely by browsers.

I'm using rapidSSL sold through zoneedit,  $24/yr for single host and
$125/yr for wildcard.    They claim  %99.9  browsers accept them.

I don't use them for e-commerce,  but things like my secure/large file
transfer appliance  ( file drop  server )

The rapidSSL cert through the main site is $49/yr ,  don't understand that
I guess zoneedit is selling wholesale to their clients.

Lee




From: "Sam Gleske" <sam.mxracer@gmail.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Sent: Wednesday, July 10, 2013 10:11:57 AM
Subject: Re: [PLUG] https Certificates Question

On Wed, Jul 10, 2013 at 7:35 AM, Mail List <maillist@nerdworld.org> wrote:
I need to set up one of my apache web servers as a secure server with
https protocol.

I'm wondering about the costs and potential pitfalls in doing so.

A quick web search has found that commercial certificates from the "big
guys" are around $250/year.  However, I see that CAcert offers
certificates
for free.

Can anyone point me to a good primer/reference for this, or let me know
how you fared establishing a secure web server?

Hi Casey,
Allow me to clarify what you intend.  Are you planning on making your web server public for people not affiliated with you or your company to use?  Or is this web server planned for internal/personal use?

If you're trying to run a shopping cart for people to interact with your business and your customers are random people on the internet then you should definitely get a signed certificate from a well known and accepted authority (there are a number of them).  If this is meant for your own internal use then I suggest running your own personal certificate authority and trusting your certificate authority certificate in all the devices that need to connect to your servers (phones, web browsers, etc).

You can manage your own personal CA using the openssl tools pretty easily.

CA management from Linux,
http://www.g-loaded.eu/2005/11/10/be-your-own-ca/

CA management from Windows,
http://sourceforge.net/projects/xca/

You can have a trusted model with your own "self-signed" certificates by running a certificate authority.  This is not recommended if the public needs to access your server because they won't have your CA trusted.

SAM

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug



--
"Between subtle shading and the absence of light lies the nuance of iqlusion..."  - Kryptos

Lee Marzke,  lee@marzke.net     http://marzke.net/lee/
IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM
+1 800-393-5217  office        +1 484-348-2230                       fax
+1 610-564-4932  cell           sip://8003935217@4aero.com    VOIP


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug