I tried 2 companies(One was equifax, and the other may have been geotrust. It has been a while), because they were CHEAP, and found out that they were too stupid to support the first, and still worlds most popular webserver with twice the saturation of IIS, and many notable companies like IBM and Oracle are basing THEIR server on it.(So the actual count is really higher) Of course, I am talking about Apache.
When I talked to them, they had no idea what they were talking about. I got so fed up, that I ordered the SSL from Thawte(at twice the price). THEIRS went off without a hitch. Thawte used to be the second biggest C/A in the world, until the largest (verisign) bought them out. Thawte still hasn't raised its prices in line with verisigns though. Just as well, I later found one of these supposedly very compatible certificates(from equifax), and found that it didn't work in one of my browsers which, at that point, had perhaps 10-20% of the market.(SURE, it was "obsolete", but if it doesn't work there it probably won't work on any but the latest.) And who wants to lose 10-20% of their market? The other browser was the very latest I.E. version, and it worked ok there. The thawte cert works great even in that now even MORE obsolete browser.(It may have a less than 2% market share now) It also works fine in the newest version of I.E. BTW, those minor players systems gave me a problem with the CSR. LOGIC, all open source software, Verisign, and thawte said it was GOOD! I would believe the 3 major players, and common sense, before I would believe a veritable unknown in the industry. Apparantly the discrepancy is that there are several formats of CSRs and/or certs. As I recall, verisigns system asked two questions, with a lot of choices, regarding this. BTW, the OTHER incompatibility was with the C/A record in the browser. As I said, nobody buys domain names.(You can set them up for free) They buy the routing service USING the domain name. Likewise, nobody buys an SSL certificate(you can get one for free. Even VERISIGN gives them out for free). You buy the SIGNING of the certificate so that your customers computer won't complain. (The complaint in netscape almost accuses you of fraud! Even a savvy customer, that knows you, may be dissuaded by it.) (Verisigns free certificates aren't properly signed, for just that reason. If you want one PROPERLY signed, you have to PAY.). Newer players using newer signitures aren't included by default in as many browsers or versions. Steve >-- Original Message -- >From: "Kim Phelan" <[EMAIL PROTECTED]> >To: "Richard Lucking" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> >Subject: RE: Error when purchasing Geotrust quickssl >Date: Wed, 4 Dec 2002 09:46:41 -0500 > > >Looks like there is something wrong with the CSR, and it is isn't >being accepted. >Try it on the following form, to see whether the CSR is valid. >https://products.geotrust.com/ssl/quickssl.do > >I do have a "typical CSR" problem FAQ in PDF, if you'd like me to pass >along. >(I won't post the attachment to discuss, for those who don't need it) > >Hope that helps > >Kim Phelan >Product Manager >Tucows, Inc. > > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]]On Behalf Of Richard Lucking >Sent: Wednesday, December 04, 2002 9:30 AM >To: [EMAIL PROTECTED] >Subject: Error when purchasing Geotrust quickssl > > >I sent an email to geotrust asking for help on this one about 24 hours >ago - >and haven't had a reply and/or acknowledgement yet - so I wondered if >anyone >here had any suggestions. > >We purchased a cert through the old system without too many hitches >(once we >changed the country code from "UK" to "GB") - and are now trying to >purchase >one through the new system (at https://resellers2.opensrs.net/). > >We generated the CSR the same way, and it all seems correct, but when >we >submit the order I just get the error: > >===== >Error (9007) when processing item ID #2132: Order request failed: >Error >Submitting Order. Invalid Field: CSR Problem: Field ''CSR'' is invalid >(-2006): CSR >Cannot fulfill order. >===== > >And in the order summary we have the following events: >03-DEC-2002 18:58:33 Certificate request has being sent to supplier >03-DEC-2002 18:58:34 Supplier rejected the request >03-DEC-2002 18:58:34 Certificate request not accepted by supplier > >Any suggestions as to things to try whilst I'm waiting for Geotrust to >get >back to me would be appreciated. > >Cheers >Richard Lucking >
