RE: Certs: where to get them?

Gregory T'Kint Thu, 04 Jan 2001 06:18:12 -0800
Hi Paul/List,

Just for the record ... you can get a FREE ONE-YEAR 
valid server cert at GlobalSign.  So, you don't need to
setup everything over again after 14 days.
It WILL be recognized by most browsers.

Just click on ...
http://www.globalsign.net/prod/freeserver.cfm?ID=GTKmssl

Any remarks as to procedures or other issues regarding
these certs are welcome and can be send to my own email
address.

Greetz,

G R E G O R Y   T' K I N T
Mailto:[EMAIL PROTECTED]

-----Original Message-----
From: Paul McGarry [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 03, 2001 7:25 AM
To: '[EMAIL PROTECTED]'
Subject: RE: Certs: where to get them?



> And you wouldn't have to do that if you issued your own?

Yes, you would. That's why I said you 'may as well use your
own'. The advantage there being that you don't have to fiddle
around with your server setup every 14 days to install a 
new cert (actually this was primarily an issue for me when
developing on NES, as that completely refused to start when
it had a cert is out of date IIRC. I started using my own CA
for testing and non-general-public uses before I started 
using apache & mod_ssl so I don't know how it behaves).

> Actually, if you think about it, whether you use your own 
> self signed CA or
> a test ID from Verisign, and don't install the 'test' root 
> CA, the end user
> still gets the same error message, something about the issuer 
> not being
> trusted...

There's nothing inherently wrong with using Verisign test
certs. I've just found the time limit annoying. For 
non-general-public uses (ie where you do have real users)
I think the "Do Not Trust" nature of the Verisign test
root cert may raise a few eyebrows, where a CA created
by your own company may not (as you are already likely
to have an existing business relationship with such
users). For general-public uses you more or less need
a commercial cert if you don't want to scare people 
off.

--
Paul McGarry            mailto:[EMAIL PROTECTED] 
Systems Integrator      http://www.opentec.com.au 
Opentec Pty Ltd         http://www.iebusiness.com.au
6 Lyon Park Road        Phone: (02) 9878 1744 
North Ryde NSW 2113     Fax:   (02) 9878 1755

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
RE: Certs: where to get them?

Reply via email to
