> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Ryan Whitney
> Sent: Wednesday, 17 September 2008 08:04
> To: Mifos functional discussions
> Subject: [Mifos-functional] To SSL Cert or not to SSL Cert
>
> Hello all,

Hello Ryan

> Next topic. Should an MFI who wants to use SSL to secure
> their communications between the Mifos instance and branches
> use a self-signed SSL or pay for an authenticated one? I've
> heard arguments on both sides of the fence, although it
> mainly seems to be hinging that an authenticated one IS more
> secure, but can be expensive and a pain to get.
>
> Thoughts?

I've said it before and I'll say it again: Any system that sends passwords and personal and financial data over the Internet in plaintext is not production ready. Sorry Mifos.

CACert (www.cacert.org) issues free certificates, which should be affordable to most MFIs. The downside is that their root certificate isn't installed in most browsers by default. On Windows, at least. However it's a simple matter to install it - http://www.cacert.org/index.php?id=3 - and the end users' PCs should be under the MFI's management, so installing on them should be simple. (Installing a root certificate for a self-signed cert is also possible, and I use them for some systems as well.)

Visit https://rt.kula.co.nz for an example. If you haven't installed the root certificate you'll get a warning - quite strong in the case of Firefox 3 - but once it is installed the site looks just like any that is authenticated by one of the expensive ones. This URL is for a site on a server on my home network, connected via ADSL and with a dynamic IP address...

I am authorised to generate CACert certificates and believe that it is within their Ts & Cs for me to do that for a domain where I can prove I have a degree of control. For example, to complete the process I must have an email address on the domain the host certificate is being generated for. If I have root access to a Linux box (authenticated through a ssh key pair, of course) the process is pretty straightforward.

Regards
Graeme
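
The trust behaviour described in the message above, as an added example that is not part of the original thread: a throwaway private root signs a host certificate, and `openssl verify` accepts the host certificate only when that root is supplied as a trust anchor, which is what installing the root on a managed PC does for the browser. The names `demo-root` and `mifos.example.org` and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed demo: names (demo-root, mifos.example.org) are made up.

make_demo_pki() {   # $1 = empty working directory
  local d="$1"
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = demo-root
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Private root: self-signed and marked as a CA.
  openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
    -days 30 -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1
  # Host key and signing request.
  openssl req -new -config "$d/ca.cnf" -subj "/CN=mifos.example.org" \
    -newkey rsa:2048 -nodes -sha256 \
    -keyout "$d/host.key" -out "$d/host.csr" 2>/dev/null || return 1
  # Root signs the host certificate (leaf only, with a SAN).
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:mifos.example.org\n' \
    > "$d/ext.cnf"
  openssl x509 -req -in "$d/host.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -sha256 -days 30 -extfile "$d/ext.cnf" \
    -out "$d/host.crt" 2>/dev/null
}

# True when openssl accepts the chain; extra args select the trust anchors.
chain_trusted() {   # $1 = certificate, remaining args passed to verify
  local cert="$1"; shift
  openssl verify "$@" "$cert" 2>/dev/null | grep -q ': OK$'
}

demo() {
  local d; d=$(mktemp -d) || return 1
  make_demo_pki "$d" || return 1
  chain_trusted "$d/host.crt" && echo "no root installed: trusted" \
                              || echo "no root installed: REJECTED"
  chain_trusted "$d/host.crt" -CAfile "$d/root.crt" \
    && echo "root installed:    trusted" || echo "root installed:    REJECTED"
  rm -rf "$d"
}
demo
```

Only `root.crt` is ever distributed to clients; `root.key` stays with whoever issues the certificates, since anyone holding it can mint certificates those clients will accept.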
