At 09:59 AM 12/28/00 +0000, Jon Hedges wrote:
>Now I was wondering: how does one go by getting the certificates? I assume
>the snake-oil certs are not supposed for prime-time use, so where can I
>get a decent certificate, and how much is it gonna cost me?
Hi Jon,
What's the problem with snake-oil in prime time? Who ways a site is any
more reliable with a commercial CERT than a self-signed CERT? Just because
you pay money to get a CERT doesn't prove you are more trustworthy.
Here are the four options we recommend:
1) Generate your own certificate - users will get a series of 'do you trust
these folks' messages, then once they accept the CERT it will be valid
until it expires. Great for low-volume sites (remember, a cert it tied to
the URL of the site, so you can only use one per site).
2) Purchase a cert from Equifax ($49US). Lowest cost for a cert acceptable
to most browsers.
3) Purchase a cert from Thawte ($125US). They were purchased by Verisign
earlier this year, but to date are still offerring the same deals.
4) Purchase a cert from Versign ($375US).
The only advantage to purchasing a CERT from a commercial vendor is that
the users will not get the dialog boxes asking whether you trust this site.
Lee
============================================
Leland V. Lammert [EMAIL PROTECTED]
Chief Scientist Omnitec Corporation
Network/Internet Consultants www.omnitec.net
============================================
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
