On Thursday 24 Jan 2008, Rick Faircloth wrote:
I think the important thing here is to anything and everything
the client wants as long as they're willing to pay for it,
Hell yes :-)
--
Tom Chiverton
Helping to dynamically strategize plug-and-play e-business
on:
A quote From O Brother, Where Art Thou?
This stew's awful good.
Wash responds, You think so? I slaughtered this horse last Tuesday. I'm
afraid she's startin' to turn.
Just sayin'... ;)
On Jan 25, 2008 5:33 PM, James Holmes [EMAIL PROTECTED] wrote:
Yes, wildcard certs work fine under Apache
-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 24, 2008 7:09 PM
To: CF-Talk
Subject: RE: OT: SSL Necessary? Important?
typically no, because virtual hosting relies on host
headers. The web server doesn't receive the headers until
after the connection is established
Yes, wildcard certs work fine under Apache too.
On Jan 26, 2008 2:20 AM, Dave Watts [EMAIL PROTECTED] wrote:
I'd like to see some proof of this. Is this only with
wildcard certs (in which case it would only work for
*.domainname.com), or it is for any kind of cert (such that
you can have
I'd like to see some proof of this. Is this only with
wildcard certs (in which case it would only work for
*.domainname.com), or it is for any kind of cert (such that
you can have www.example.com and www.example2.com) on the
same IP with no SSL problems?
Wildcard certs only. I
What's the total cost, typically?
Cost of the SSL Cert, plus a dedicated IP (required, correct?),
plus whatever other charges an ISP may charge?
Rick
-Original Message-
From: James Holmes [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 24, 2008 1:02 AM
To: CF-Talk
Subject: Re: OT
a dedicated IP (required, correct?),
plus whatever other charges an ISP may charge?
Rick
-Original Message-
From: James Holmes [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 24, 2008 1:02 AM
To: CF-Talk
Subject: Re: OT: SSL Necessary? Important?
On Jan 24, 2008 11:38 AM
IP (required, correct?),
plus whatever other charges an ISP may charge?
Rick
-Original Message-
From: James Holmes [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 24, 2008 1:02 AM
To: CF-Talk
Subject: Re: OT: SSL Necessary? Important?
On Jan 24, 2008 11:38 AM
[mailto:[EMAIL PROTECTED]
Sent: Thursday, January 24, 2008 1:02 AM
To: CF-Talk
Subject: Re: OT: SSL Necessary? Important?
On Jan 24, 2008 11:38 AM, Claude Schneegans [EMAIL PROTECTED] wrote:
Is the SSL encryption overkill for something like this?
IMHO yes.
Unless
On Thursday 24 Jan 2008, James Holmes wrote:
A dedicated IP is probably necessary with your host, since I assume
you're sharing an IP right now.
You can serve multiple different SSL'ed domains from the same IP, can't you ?
Your existing hose may also have a cheaper deal too.
--
Tom Chiverton
On Thursday 24 Jan 2008, J.J. Merrick wrote:
And on the topic I would say that it probably is overkill but a lot of
times peoples perception of security makes them happy.
But most web browser uses can't tell the difference between TLS and non-TLS,
so sometimes you have to ask yourself if it's
I've never implemented and SSL cert, so I'm not sure, but I thought
each SSL had to have a dedicated IP. ???
Rick
-Original Message-
From: Tom Chiverton [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 24, 2008 9:37 AM
To: CF-Talk
Subject: Re: OT: SSL Necessary? Important
Why would anybody spend more then $20 a year on an SSL cert? Godaddy's
certs are perfectly adequate.
Russ
-Original Message-
From: James Holmes [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 24, 2008 9:04 AM
To: CF-Talk
Subject: Re: OT: SSL Necessary? Important?
For example
: Thursday, January 24, 2008 9:04 AM
To: CF-Talk
Subject: Re: OT: SSL Necessary? Important?
For example, digicert certs are $99:
http://www.digicert.com/
A dedicated IP is probably necessary with your host, since I assume
you're sharing an IP right now
On 1/24/08, Tom Chiverton [EMAIL PROTECTED] wrote:
On Thursday 24 Jan 2008, James Holmes wrote:
A dedicated IP is probably necessary with your host, since I assume
you're sharing an IP right now.
You can serve multiple different SSL'ed domains from the same IP, can't you ?
Your existing
Yeah, I agree with that JJ...
-Original Message-
From: J.J. Merrick [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 24, 2008 9:24 AM
To: CF-Talk
Subject: Re: OT: SSL Necessary? Important?
And on the topic I would say that it probably is overkill but a lot of
times peoples
But the church is also asking about an encrypted connection using an SSL
certificate.
What a meanness! Don't they have some sort of divine protection already? ;-)
--
___
REUSE CODE! Use custom tags;
See
Subject: Re: OT: SSL Necessary? Important?
On Thursday 24 Jan 2008, J.J. Merrick wrote:
And on the topic I would say that it probably is overkill but a lot of
times peoples perception of security makes them happy.
But most web browser uses can't tell the difference between TLS and non-TLS
) as
one you buy for $600.
Russ
-Original Message-
From: Tom Chiverton [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 24, 2008 9:37 AM
To: CF-Talk
Subject: Re: OT: SSL Necessary? Important?
On Thursday 24 Jan 2008, James Holmes wrote:
A dedicated IP is probably necessary with your
Of course users may not desire the warning about an untrusted cert
and this can be worse than no protection at all.
--
___
REUSE CODE! Use custom tags;
See http://www.contentbox.com/claude/customtags/tagstore.cfm
(Please send any spam to this address:
@houseoffusion.com
Sent: Thursday, January 24, 2008 10:16 AM
Subject: Re: OT: SSL Necessary? Important?
On 1/24/08, Tom Chiverton [EMAIL PROTECTED] wrote:
On Thursday 24 Jan 2008, James Holmes wrote:
A dedicated IP is probably necessary with your host, since I assume
you're sharing an IP right now
PROTECTED]
Sent: Thursday, January 24, 2008 9:10 AM
To: CF-Talk
Subject: Re: OT: SSL Necessary? Important?
yeah, it really isn't bad. Depending on the host they might have a
shared SSL cert you can use. Essentially they just map your site as a
folder underneath a larger site.
In the end it is like
24, 2008 11:17 AM
To: CF-Talk
Subject: Re: OT: SSL Necessary? Important?
On 1/24/08, Tom Chiverton [EMAIL PROTECTED] wrote:
On Thursday 24 Jan 2008, James Holmes wrote:
A dedicated IP is probably necessary with your host, since I assume
you're sharing an IP right now.
You can serve multiple
Possibly... but the Scripture also teaches Christians to be
wise as serpents... :o)
Rick
-Original Message-
From: Claude Schneegans [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 24, 2008 12:45 PM
To: CF-Talk
Subject: Re: OT: SSL Necessary? Important?
But the church is also
On 1/24/08, Russ [EMAIL PROTECTED] wrote:
Why would anybody spend more then $20 a year on an SSL cert? Godaddy's
certs are perfectly adequate.
That depends if it's an introductory rate or not. I wouldn't buy a
$20 cert if I had to pay $90 to renew it, rather I'd just buy the $25
certs that I
Godaddy certs are $20 all the time... I think they're on sale for $15 now or
something...
Russ
-Original Message-
From: Rick Root [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 24, 2008 5:29 PM
To: CF-Talk
Subject: Re: OT: SSL Necessary? Important?
On 1/24/08, Russ [EMAIL
Why would anybody spend more then $20 a year on an SSL cert?
Godaddy's certs are perfectly adequate.
unless you have a large enough number of users visiting your site, in
which case some of them with older computers won't recognize the certificate
as valid because they don't have the
You can always generate a bogus certificate for free (Like
the default Snake Oil cert that is created by Apache).
You will get the same level of encryption as a digitally signed cert
(i.e: one that costs money) but the browser will complain
about it not being signed or something of that
typically no, because virtual hosting relies on host
headers. The web server doesn't receive the headers until
after the connection is established.
This appears to no longer be the case with IIS 6, at least. To be honest,
I'm not exactly sure how this works with IIS 6, but it appears that
I've never implemented and SSL cert, so I'm not sure, but I
thought each SSL had to have a dedicated IP. ???
This used to be the case, but isn't any more:
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/5
96b9108-b1a7-494d-885d-f8941b07554c.mspx?mfr=true
However,
I tell clients with public web sites that they probably
need a cert from a popular reputable provider in order to
avoid the browser warning. But the thing to remember is that
(in most cases) the warning is saying that your company may
not be ok ... Not that the information is unencrypted
I'm not in a shared environment. I have my own VPS.
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 24, 2008 7:47 PM
To: CF-Talk
Subject: RE: OT: SSL Necessary? Important?
I've never implemented and SSL cert, so I'm not sure, but I
thought
Hi, all.
Pardon a quick OT question (or two). I have a client (church) that wants
to have a directory that is accessible to the membership, but not the
general public. Access will be controlled by password/username login.
But the church is also asking about an encrypted connection using an SSL
Is the SSL encryption overkill for something like this?
IMHO yes.
Unless they are willing to pay for more protection, because it is not free.
--
___
REUSE CODE! Use custom tags;
See http://www.contentbox.com/claude/customtags/tagstore.cfm
(Please send any
On Jan 24, 2008 11:38 AM, Claude Schneegans [EMAIL PROTECTED] wrote:
Is the SSL encryption overkill for something like this?
IMHO yes.
Unless they are willing to pay for more protection, because it is not free.
Unless they use OpenSSL and self-sign, which is free. Of course users
may not
Depends on the Cert I have a wildcard SSL cert I use for my WebHosting
Control Panel. Generally SSL is per domain
so if you purchased a cert for xyzdomain.com it would work for
https://www.xyzdomain.com
https://xyzdomain.com
https://www.xyzdomain.com/somedirectory/
but not
To: CF-Talk
Subject: Re: OT: SSL Certificates
Depends on the Cert I have a wildcard SSL cert I use for my WebHosting
Control Panel. Generally SSL is per domain so if you purchased a cert for
xyzdomain.com it would work for https://www.xyzdomain.com
https://xyzdomain.com https://www.xyzdomain.com
Hi, guys.
I just purchased my first Security Certificate and need to know how to apply
it to my server / sites.
I host multiple sites. Would the certificate apply to my server and
therefore
to all the sites on my server or would each site have to have its own
certificate?
Rick
I'm looking to get five or six SSL certificates for our company and am
scratching my head at the offerings. We'd like 128bit security (just
'cause) but I see a lot of comments regarding some browsers only
supporting 40bit and 56bit. What's the story here? Also, on Verisign's
Managed PKI For SSL
Anyone got any links/tips etc for generating an SSL cert? I just need one
for testing etc and don't really need to go to a CA to get one. I can
install MS Certificate Server but ideally would like another option if
possible.
N
This e-mail is from Reed Exhibitions (Oriel House, 26 The Quadrant,
Robertson-Ravo, Neil (RX) wrote:
Anyone got any links/tips etc for generating an SSL cert? I just need one
for testing etc and don't really need to go to a CA to get one. I can
install MS Certificate Server but ideally would like another option if
possible.
N
If you're using linux:
Are you using IIS or Apache? SSL support is in IIS by default. If you are using
Apache, you need to compile Apache with SSL support using OpenSSL. I have a
blog entry on doing just that here:
http://www.funkymojo.com/blog/index.cfm?mode=dayday=17month=5year=2005
The intstructions in the linked
I have seen various places discussed before on where to get an SSL
certificate.My question is though, as long as your are 128-bit secure,
home much does the name on who issued the certificate count?VeriSign
wants $895 for the same certificate that GeoTrust wants $295 or and Thawte
wants $200
For one reason or another I choose not to do business with Verisign.I just
found out Thawte is associated with Verisign.I am now wondering what
independent Certificate authorities are left that are unassociated with
Verisign.
Anybody feel the same and been through this already?
Thanks.
-Nate
Geo-Trust
-Original Message-
From: Nathan C. Smith [mailto:[EMAIL PROTECTED]
Sent: Monday, February 09, 2004 11:00 AM
To: CF-Talk
Subject: [OT] SSL Certificate Source
For one reason or another I choose not to do business with Verisign.I just
found out Thawte is associated with Verisign.I
Tucows.com allows you to resell certificates.Not sure if you can just
buy one or not.
John
-Original Message-
From: Nathan C. Smith [mailto:[EMAIL PROTECTED]
Sent: Monday, February 09, 2004 12:00 PM
To: CF-Talk
Subject: [OT] SSL Certificate Source
For one reason or another I choose
2:08 PM
To: CF-Talk
Subject: RE: [OT] SSL Certificate Source
Tucows.com allows you to resell certificates.Not sure if you can just
buy one or not.
John
-Original Message-
From: Nathan C. Smith [mailto:[EMAIL PROTECTED]
Sent: Monday, February 09, 2004 12:00 PM
To: CF-Talk
Subject: [OT
I've used GeoTrust and Comodo - both great prices, both have provided great
phone tech support when I've
needed that regarding moving servers and such.
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
Also have used both Comodo and GeoTrust.Have dropped GeoTrust given their pricing fluctuations and renewal practices (search the archives).Comodo certs at $42 work great and can be installed in a few secs, provided you have a resller acct.
--
---
Matt
==
Aspire to Inspire before you Retire or Expire!
- Original Message -
From: Alan Rafael Bleiweiss
To: CF-Talk
Sent: Monday, February 09, 2004 5:45 PM
Subject: RE: [OT] SSL Certificate Source
I've used GeoTrust and Comodo - both great prices, both have provided great
phone
Thought I'd pass this along:
After learning of it on CF-Talk, I've been buying Geotrust certs from
http://rackshack.net for US$49. They just lowered the price to
***US$29***.
Since GeoTrust still retails for US$119 my margins just got thicker :D
I don't know how Verisign and Thawte can
Hello,
When I make changes to a file, either the one I'm working on or the application.cfm
file, the changes are always viewable when I use http://serverpath As soon as I use
https://serverpath the changes are not present and it appears that it is using a
cached version of the page. I've
Do you have a hardware device that caches SSL pages - sometimes they are
used to offload the processor intensive job of SSL.
-mk
-Original Message-
From: Houk, Gary [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 25, 2002 1:14 PM
To: CF-Talk
Subject: OT - SSL issues?
Hello
Hello,
When I make changes to a file, either the one I'm working on or the
application.cfm file, the changes are always viewable when I use
http://serverpath As soon as I use https://serverpath the changes are not
present and it appears that it is using a cached version of the page. I've
]]
Sent: Wednesday, September 25, 2002 2:55 PM
To: CF-Talk
Subject: Re: OT - SSL issues?
Hello,
When I make changes to a file, either the one I'm working on or the
application.cfm file, the changes are always viewable when I use
http://serverpath As soon as I use https://serverpath the changes
Is Verisign the only company you buy a 128bit certificate from? $900
per year, per site seems a bit steep.
__
This list and all House of Fusion resources hosted by CFHosting.com. The place for
dependable ColdFusion Hosting.
- Original Message -
From: Chad Gray [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Tuesday, July 09, 2002 1:28 PM
Subject: OT: SSL
Is Verisign the only company you buy a 128bit certificate from? $900
per year, per site seems a bit steep
There's other places, though I can't give an example right off. Thawte provided
competition to Verisign until Verisign bought them.
Also, it depends what you want the certificate for. If it's for commercial use and for
people to trust you, Verisign is well recognized.
If all you want is a
www.openssl.org
You can make your own for free. The only reason you would buy one is
to show the websurfer you are who you say you are.
On Tue, 9 Jul 2002, Chad Gray wrote:
Is Verisign the only company you buy a 128bit certificate from? $900
per year, per site seems a bit steep.
If you only need one or two certs, I wouldn't go with the homebrew method. To much
work, and you don't end up saving much money, if any.
Kevin
[EMAIL PROTECTED] 07/09/02 11:53AM
www.openssl.org
You can make your own for free. The only reason you would buy one is
to show the websurfer you
*ahem*
https://www.openssl.org/
- Original Message -
From: Alex [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Tuesday, July 09, 2002 2:53 PM
Subject: Re: OT: SSL
www.openssl.org
You can make your own for free. The only reason you would buy one is
to show the websurfer you
Hello,
Sorry about being OT, but I think I saw something about this on this list
before.
Are there any registry entries that might need to be manually deleted after
uninstalling a digital certificate in IIS 5.0?
I uninstalled the trial cert and installed the paid for cert, but I'm
getting page
Hi all,
We've got a number of dial-up customers complaining of slow response times,
but only on SSL pages.
We only process about 500 transactions per day, but I'm wondering if an SSL
accelerator would alleviate the problem.
Anyone out there have any experience with SSL accelerator cards and
I could use some clarification on SSL.
If I create a link with url parameters, are the url parameters SSL
encrypted?
ex: https://www.domain.com/xyz.cfm?x=1234y=5678
I was under the impression that the urls params generated from a link were
not SSL encrypted.
TIA,
Duane
Duane Boudreau wrote:
I could use some clarification on SSL.
If I create a link with url parameters, are the url parameters SSL
encrypted?
Everything you send over a HTTPS connection is encrypted. This includes
URL parameters.
Jochem
Some web servers allow you to specify different webroot directories depending on
whether you're coming in through port 443 (https) or port 80 (http). Sounds like this
is happening to you.
Chris Norloff
-- Original Message
~~
Your ad
Quick question, how can I configure the root of a ssl-domain correctly ?
The standard way of configuring it via base-directory and HTTP-Header didn't
work.
When clicking on s.th. like: https://www.test.com/
I get an 404-error (file not found). It looks like it is a total different
root-directory
Do you have SSL certificates on your webserver? If so let us know your
webserver software because thats where you configure.
On Fri, 30 Nov 2001, CF-Talk (SD Solutions) wrote:
Quick question, how can I configure the root of a ssl-domain correctly ?
The standard way of configuring it via
Win NT 4 / IIS 4
Uwe
- Original Message -
From: Alex [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Friday, November 30, 2001 5:49 PM
Subject: Re: OT: SSL-Root
Do you have SSL certificates on your webserver? If so let us know your
webserver software because thats where you
Do you have SSL certificates??
On Fri, 30 Nov 2001, CF-Talk (SD Solutions) wrote:
Win NT 4 / IIS 4
Uwe
- Original Message -
From: Alex [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Friday, November 30, 2001 5:49 PM
Subject: Re: OT: SSL-Root
Do you have SSL
Yap.
Testing with self-created ones on the host itself.
Should work fine. And the certificates look good as well.
Uwe
-Ursprüngliche Nachricht-
Von: Alex [mailto:[EMAIL PROTECTED]]
Gesendet: Freitag, 30. November 2001 18:51
An: CF-Talk
Betreff: Re: OT: SSL-Root
Do you have SSL
Sorry for the OT question:
Is one SSL certificate valid for one whole domain, or is it valid only
for one fully qualified domain name?
i.e., is it valid for *.mydomain.com, or only mysite.mydomain.com?
~~
Get the mailserver that powers this list
You can buy it both ways. Normally it's for one hostname only, but you can
buy both wildcard certificates and multiple host certficates...
Sorry for the OT question:
Is one SSL certificate valid for one whole domain, or is it valid only
for one fully qualified domain name?
i.e., is it
CF-Talk is his HOME :-)
All in luv brutha Dave .
Steve
- Original Message -
From: "Peter J. MacDonald" [EMAIL PROTECTED]
To: "CF-Talk" [EMAIL PROTECTED]
Sent: Tuesday, January 23, 2001 5:42 PM
Subject: RE: Slightly OT: SSL information
Thanks Dave,
You ha
18, 2001 00:56
To: CF-Talk
Subject: RE: Slightly OT: SSL information
yeah. ask away. :) i did some security work as webadministrator for a DOD
project with SSL. it's VERY easy to implement. are you using IIS?
chris olive, cio
cresco technologies
[EMAIL PROTECTED]
http://www.crescotech.com
I understand it what it does by reading the technical specs
for it. I was looking for the steps to implement it. I'm not
even sure where to start. I am use IIS, is it different for
different web servers. I am likely to need to do UNIX as well.
The way you set up SSL is different from one
]
Web Page: www.creatcomp.com
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 23, 2001 20:37
To: '[EMAIL PROTECTED]'
Cc: '[EMAIL PROTECTED]'
Subject: RE: Slightly OT: SSL information
I understand it what it does by reading the technical specs
http://docs.iplanet.com/docs/manuals/security/sslin/index.htm
-and-
your web server's manual and online help/knowledgebase
-and-
Web Security Commerce by Garfinkel Spafford (published by O'Reilly
http;//www.ora.com)
Verisign has some info http://www.verisign.com
There's also a book out that
PROTECTED]]
Sent: Wednesday, January 17, 2001 7:13 PM
To: CF-Talk
Subject: Slightly OT: SSL information
I was wondering where there is a good place to learn about SSL
implementation?
Thank You,
Peter
Peter J. MacDonald II
Creative Computing, Inc.
100 Middle Street
Lincoln, RI 02865
Phone
http://www.modssl.org/
if you are using apache
- Original Message -
From: Peter J. MacDonald [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Thursday, January 18, 2001 8:12 AM
Subject: Slightly OT: SSL information
I was wondering where there is a good place to learn about SSL
I was wondering where there is a good place to learn about SSL
implementation?
Thank You,
Peter
Peter J. MacDonald II
Creative Computing, Inc.
100 Middle Street
Lincoln, RI 02865
Phone: 401.727.0183 x208
Fax: 401.727.4998
Portable: 401.965.3661
E-MAIL: [EMAIL PROTECTED]
Web Page:
Agh! I'm having an SSL nightmare. Is anyone experienced in setting up
certificates? Particularly with AbleCommerce?
contact direct at [EMAIL PROTECTED]
Cheers
Taz
--
Archives: http://www.eGroups.com/list/cf-talk
To
82 matches
Mail list logo