Jonathan Simpson on 10 Jul 2013 08:26:23 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] https Certificates Question


There's a free startssl cert on https://talks.fosscon.org if you'd like to check if your browser(s) accept it.

On 7/10/2013 11:14 AM, Lee H. Marzke wrote:
I don't think the free certs are recognized widely by browsers.

I'm using rapidSSL sold through zoneedit, $24/yr for single host and $125/yr for wildcard. They claim %99.9 browsers accept them.

I don't use them for e-commerce, but things like my secure/large file
transfer appliance  ( file drop  server )

The rapidSSL cert through the main site is $49/yr , don't understand that
I guess zoneedit is selling wholesale to their clients.

Lee



------------------------------------------------------------

    *From: *"Sam Gleske" <sam.mxracer@gmail.com>
    *To: *"Philadelphia Linux User's Group Discussion
    List" <plug@lists.phillylinux.org>
    *Sent: *Wednesday, July 10, 2013 10:11:57 AM
    *Subject: *Re: [PLUG] https Certificates Question

    On Wed, Jul 10, 2013 at 7:35 AM, Mail List
    <maillist@nerdworld.org
    <mailto:maillist@nerdworld.org>> wrote:

        I need to set up one of my apache web servers as a
        secure server with
        https protocol.

        I'm wondering about the costs and potential
        pitfalls in doing so.

        A quick web search has found that commercial
        certificates from the "big
        guys" are around $250/year.  However, I see that
        CAcert offers
        certificates
        for free.

        Can anyone point me to a good primer/reference for
        this, or let me know
        how you fared establishing a secure web server?


    Hi Casey,
    Allow me to clarify what you intend.  Are you planning
    on making your web server public for people not
    affiliated with you or your company to use?  Or is
    this web server planned for internal/personal use?

    If you're trying to run a shopping cart for people to
    interact with your business and your customers are
    random people on the internet then you should
    definitely get a signed certificate from a well known
    and accepted authority (there are a number of them).
    If this is meant for your own internal use then I
    suggest running your own personal certificate
    authority and trusting your certificate authority
    certificate in all the devices that need to connect to
    your servers (phones, web browsers, etc).

    You can manage your own personal CA using the openssl
    tools pretty easily.

    CA management from Linux,
    http://www.g-loaded.eu/2005/11/10/be-your-own-ca/

    CA management from Windows,
    http://sourceforge.net/projects/xca/

    You can have a trusted model with your own
    "self-signed" certificates by running a certificate
    authority.  This is not recommended if the public
    needs to access your server because they won't have
    your CA trusted.

    SAM

    ___________________________________________________________________________
    Philadelphia Linux Users Group         --
     http://www.phillylinux.org
    Announcements -
    http://lists.phillylinux.org/mailman/listinfo/plug-announce
    General Discussion  --
    http://lists.phillylinux.org/mailman/listinfo/plug




--
"Between subtle shading and the absence of light lies the nuance of iqlusion..." - Kryptos

Lee Marzke,  lee@marzke.net     http://marzke.net/lee/
IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM
+1 800-393-5217  office        +1 484-348-2230        fax
+1 610-564-4932 cell sip://8003935217@4aero.com VOIP




___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug