Jonathan Simpson on 10 Jul 2013 08:26:23 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
Re: [PLUG] https Certificates Question |
On 7/10/2013 11:14 AM, Lee H. Marzke wrote:
I don't think the free certs are recognized widely by browsers.I'm using rapidSSL sold through zoneedit, $24/yr for single host and $125/yr for wildcard. They claim %99.9 browsers accept them.I don't use them for e-commerce, but things like my secure/large filetransfer appliance ( file drop server )The rapidSSL cert through the main site is $49/yr , don't understand thatI guess zoneedit is selling wholesale to their clients. Lee ------------------------------------------------------------ *From: *"Sam Gleske" <sam.mxracer@gmail.com> *To: *"Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org> *Sent: *Wednesday, July 10, 2013 10:11:57 AM *Subject: *Re: [PLUG] https Certificates Question On Wed, Jul 10, 2013 at 7:35 AM, Mail List <maillist@nerdworld.org <mailto:maillist@nerdworld.org>> wrote: I need to set up one of my apache web servers as a secure server with https protocol. I'm wondering about the costs and potential pitfalls in doing so. A quick web search has found that commercial certificates from the "big guys" are around $250/year. However, I see that CAcert offers certificates for free. Can anyone point me to a good primer/reference for this, or let me know how you fared establishing a secure web server? Hi Casey, Allow me to clarify what you intend. Are you planning on making your web server public for people not affiliated with you or your company to use? Or is this web server planned for internal/personal use? If you're trying to run a shopping cart for people to interact with your business and your customers are random people on the internet then you should definitely get a signed certificate from a well known and accepted authority (there are a number of them). If this is meant for your own internal use then I suggest running your own personal certificate authority and trusting your certificate authority certificate in all the devices that need to connect to your servers (phones, web browsers, etc). You can manage your own personal CA using the openssl tools pretty easily. CA management from Linux, http://www.g-loaded.eu/2005/11/10/be-your-own-ca/ CA management from Windows, http://sourceforge.net/projects/xca/ You can have a trusted model with your own "self-signed" certificates by running a certificate authority. This is not recommended if the public needs to access your server because they won't have your CA trusted. SAM ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug --"Between subtle shading and the absence of light lies the nuance of iqlusion..." - KryptosLee Marzke, lee@marzke.net http://marzke.net/lee/IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM+1 800-393-5217 office +1 484-348-2230 fax+1 610-564-4932 cell sip://8003935217@4aero.com VOIP___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug