On Thu, 28 Dec 2000, Leland V. Lammert wrote:
> At 09:59 AM 12/28/00 +0000, Jon Hedges wrote:
>
> >Now I was wondering: how does one go by getting the certificates? I assume
> >the snake-oil certs are not supposed for prime-time use, so where can I
> >get a decent certificate, and how much is it gonna cost me?
>
> Here are the four options we recommend:
>
> 1) Generate your own certificate - users will get a series of 'do you trust
> these folks' messages, then once they accept the CERT it will be valid
> until it expires. Great for low-volume sites (remember, a cert it tied to
> the URL of the site, so you can only use one per site).
>
> 2) Purchase a cert from Equifax ($49US). Lowest cost for a cert acceptable
> to most browsers.
>
> 3) Purchase a cert from Thawte ($125US). They were purchased by Verisign
> earlier this year, but to date are still offerring the same deals.
>
> 4) Purchase a cert from Versign ($375US).
5) Globalsign (free!)
> The only advantage to purchasing a CERT from a commercial vendor is that
> the users will not get the dialog boxes asking whether you trust this site.
It also is the 'best' (not perfect) guarantee to prove who you are.
Without a CA signed certificate, anyone can forge a certificat where they say
they are you. If you use a CA, it is much much harder to cheat. (Some
would argue that a CA signed certificate is a proof of identity.)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
