On Mon, Jun 28, 1999, Jason Gilmore wrote:
> I have very recently (today) set up a secure server, and am currently
> using the test certificate to test the setup.
>
> The reason why I am using a secure server is to protect database data
> for a project we are currently working on. The database will be for
> internal use only, and will not be accessible to the outside.
>
> Therefore, my question is:
>
> Is the test certificate good enough for encryption, or is it suggested
> that we purchase a certificate?
>
> If it is not good enough, why? I have read the docs, but must not
> understand something...
The encryption technically is fine also with a test server certificate. The
point of test certificates vs. purchased certificates is only that your
clients needs a chance to verify that it is really the certificate of your
server. For this they need to know the issuing CA certificate and what the
purchased certificates mainly offer is that their CA certificates are
pre-configured in most browsers. For test certificates this isn't the case.
But technically they are not better than self-constructed test certificates.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
