Lee,
After looking at your web site, I found something very interesting and I was
wondering if you could elaborate on it. I'm guessing you're probably not
aware of this.
The "registration services" you provide, which will list my site with the
500+ search engines for a fee of $49 dollars is set up on a 'non secure'
site. Since you are asking for my credit card number, I would assume this
would be SSL enabled, in order for my CC number to be securely transmitted
to your server.
Where you aware of this? If so, why not turn on SSL on this URL?
Ray
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Leland V. Lammert
Sent: Thursday, December 28, 2000 1:57 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Certs: where to get them?
At 09:59 AM 12/28/00 +0000, Jon Hedges wrote:
>Now I was wondering: how does one go by getting the certificates? I assume
>the snake-oil certs are not supposed for prime-time use, so where can I
>get a decent certificate, and how much is it gonna cost me?
Hi Jon,
What's the problem with snake-oil in prime time? Who ways a site is any
more reliable with a commercial CERT than a self-signed CERT? Just because
you pay money to get a CERT doesn't prove you are more trustworthy.
Here are the four options we recommend:
1) Generate your own certificate - users will get a series of 'do you trust
these folks' messages, then once they accept the CERT it will be valid
until it expires. Great for low-volume sites (remember, a cert it tied to
the URL of the site, so you can only use one per site).
2) Purchase a cert from Equifax ($49US). Lowest cost for a cert acceptable
to most browsers.
3) Purchase a cert from Thawte ($125US). They were purchased by Verisign
earlier this year, but to date are still offerring the same deals.
4) Purchase a cert from Versign ($375US).
The only advantage to purchasing a CERT from a commercial vendor is that
the users will not get the dialog boxes asking whether you trust this site.
Lee
============================================
Leland V. Lammert [EMAIL PROTECTED]
Chief Scientist Omnitec Corporation
Network/Internet Consultants www.omnitec.net
============================================
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
