Self signed certs will pop up a warning to your users that the cert was not issued by a trusted authority. This is fine for development, intranet or similar situations where you can inform your users in advance to go ahead and trust the cert, but I would not recommend using a self signed cert on a site being accessed by the general public.
Take a look at rapidssl.com starter certificates - trusted in nearly all browsers, cheap, single root, and normally issued in a matter of minutes after an automated telephone verification. You have to sign up as a re seller but there's no minimum quantity. They change their terms frequently so I can't say exactly what they will be right now but our contract gives us brand new 1 year certificates for 7.95 and if converting from Verisign or Thawte (which are now one and the same) the first year is free. Renewals after the first year are 29.95.
I've used these for over a year now on at least 15 sites and have not had any problems. If you would like to view a cert to to <shameless plug> https://www.gamedaychallenge.com</shameless plug> and double click the lock at the bottom of the browser.
Jeff
At 7/20/2005 04:14 PM, you wrote:
Has anyone used the Open SSL for Windows? I know I'm being cheap but if they work as well as a regular certificate why pay for them.
http://www.slproweb.com/products/Win32OpenSSL.html
http://gnuwin32.sourceforge.net/packages/openssl.h
Any concerns or recommendations?
Thanks,
Terry
PS: Go see Wedding Crasher. It's hilarious!
