Michael wrote:
> Is there any reason to pay for Verisigned keys or does setting up our
> companies own CA work equally well?
Technically, a self-signed certificate will work perfectly well.
However, the browser will "inform" the user that it doesn't recognise
the authority that signed this certificate. If you use Verisign etc..
the browser will already recognise them as a Certificate Authority and
accept the certificate without a squeak.
It depends what you want to use SSL for. If you want strangers to send
you their private details, you'd be better off with a commercial
certificate since they won't be frightened by the "warnings". However,
if you are using SSL for a specific closed group of users, then use your
own certificate and inform them about it...
Rgds,
Owen Boyle.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
