But even if I make my own cert for the one website that needs it right now (another will need one shortly), will it work with a host header? Or would I simply not use a host header for that particular site with IIS 5 and have the site identified by the cert?
Rick -----Original Message----- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Monday, August 07, 2006 11:05 PM To: CF-Talk Subject: RE: SSL Certificates > Public perception is not a problem...I'm hosting a non-public office > application for an insurance agent, which will have no pages for the > public to view. In that case, you don't need to buy anything at all. Just use a self-signed certificate as Jim suggested. > A "self-signed" certificate offers the same security as one that I > purchase? Certificates provide two things - they allow you to encrypt all communications between a browser and a server, and they allow you to verify that a site is what it identifies itself as being. Self-signed certificates encrypt everything just like any other certificate, but because they're not issued by a trusted certificate vendor, they don't let you verify anything. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:249108 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
