Re: [gentoo-user] OT - SSL certificate authorities
On Sat, 19 Nov 2005, kashani wrote: A. Khattri wrote: GeoTrust claim to have their root cert in 99% of the browsers out there... Claims and actually works are two different things. For the record IE 5 on the Mac is your big problem child. IE 5 on Mac is a strange beast in many many ways (wearing my web developer hat now ;-) -- -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OT - SSL certificate authorities
On Wed, 16 Nov 2005, kashani wrote: We've got a number of customers that use Geotrust which is significantly cheaper than Verisign/Thwate. Someone also uses Starfield which is dirt cheap. There is a technical issue when using certs no one has ever heard of before. Many times their cert company's root certs or whatever are not in the user's browser. GeoTrust claim to have their root cert in 99% of the browsers out there... -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OT - SSL certificate authorities
A. Khattri wrote: GeoTrust claim to have their root cert in 99% of the browsers out there... Claims and actually works are two different things. For the record IE 5 on the Mac is your big problem child. If it works with a particular cert *AND* the SSL options/env you're passing then you're pretty much golden. However I'd still take 30 seconds to install the chain cert because I'm paranoid like that. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OT - SSL certificate authorities
Antoine wrote: Hi, We are going to set up ssl on a webserver at work and I guess that means we need a certificate... does anyone have any useful alternatives to Verisign? Are they really worth the name? We are not going to be doing any monetary transactions but our clients are very security conscious (who isn't!) and I have no experience in these matters. I am certain the boss will want verisign, as he buys a lot of stuff just for the name but if I can offer him a comparable alternative at a fraction of the cost he may go for it. We've got a number of customers that use Geotrust which is significantly cheaper than Verisign/Thwate. Someone also uses Starfield which is dirt cheap. There is a technical issue when using certs no one has ever heard of before. Many times their cert company's root certs or whatever are not in the user's browser. In order to fix this you'll need install the cert company's intermediate cert or chain cert on your server so that the broswer can chain your new cert to a cert it already trusts. SSLCACertificateFile conf/ssl.crt/starfield-chain.crt kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OT - SSL certificate authorities
kashani wrote: Antoine wrote: Hi, We are going to set up ssl on a webserver at work and I guess that means we need a certificate... does anyone have any useful alternatives to Verisign? Are they really worth the name? We are not going to be doing any monetary transactions but our clients are very security conscious (who isn't!) and I have no experience in these matters. I am certain the boss will want verisign, as he buys a lot of stuff just for the name but if I can offer him a comparable alternative at a fraction of the cost he may go for it. ... Thanks for all your suggestions. I think we will just go for a self-signed because, at the end of the day, all our clients know us, and trust us. Thanks again Antoine -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OT - SSL certificate authorities
Remember that your web server must be properly configured (http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html) in order to offer any real security. The howto says SGC is only available with verisign - is this true? Cheers Antoine -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OT - SSL certificate authorities
If these clients *know* you, and *trust* you, and know anything about security, there is no reason why you couldn't get away with a self-signed cert. If not, http://www.instantssl.com/ I can second this. I will be buying my mail server certs through InstantSSL in a few weeks. So far, I've heard nothing but good things about them, and their prices are excellent. (No, I don't work there.) -- gentoo-user@gentoo.org mailing list
[gentoo-user] OT - SSL certificate authorities
Hi, We are going to set up ssl on a webserver at work and I guess that means we need a certificate... does anyone have any useful alternatives to Verisign? Are they really worth the name? We are not going to be doing any monetary transactions but our clients are very security conscious (who isn't!) and I have no experience in these matters. I am certain the boss will want verisign, as he buys a lot of stuff just for the name but if I can offer him a comparable alternative at a fraction of the cost he may go for it. Cheers Antoine -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OT - SSL certificate authorities
On Tuesday 15 November 2005 14:43, Antoine wrote: Hi, We are going to set up ssl on a webserver at work and I guess that means we need a certificate... does anyone have any useful alternatives to Verisign? Are they really worth the name? We are not going to be doing any monetary transactions but our clients are very security conscious (who isn't!) and I have no experience in these matters. I am certain the boss will want verisign, as he buys a lot of stuff just for the name but if I can offer him a comparable alternative at a fraction of the cost he may go for it. Cheers Antoine Well, from a security aspect, you can't get more secure than being your own ca. you sign all your own certificates. of course, then the clients will see that your ca isn't trusted, but who the hell trusts verisign these days? not me. not after that search engine crud they pulled a few years ago. -- John Jolet Your On-Demand IT Department 512-762-0729 www.jolet.net [EMAIL PROTECTED] -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OT - SSL certificate authorities
Antoine wrote: Hi, We are going to set up ssl on a webserver at work and I guess that means we need a certificate... does anyone have any useful alternatives to Verisign? Are they really worth the name? Well, If you really need official certificate from some CA, have a look in your web-browser, it has certificates for most known authorities already installed (thawte, verisign, geotrust, Entrust.net, Equifax, IPS Seguridad, just to name a few of them). IMHO, Verisignt and Thawte are the best known (but I don't say they are the best). You may try using self-signed certificate, or get one from cacert\ free of charge: http://gentoo-wiki.com/HOWTO_cacert.org_SSL_certificates Jarry -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OT - SSL certificate authorities
On Tuesday 15 November 2005 20:43, Antoine wrote: We are going to set up ssl on a webserver at work and I guess that means we need a certificate... does anyone have any useful alternatives to Verisign? Are they really worth the name? We are not going to be doing any monetary transactions but our clients are very security conscious (who isn't!) and I have no experience in these matters. I am certain the boss will want verisign, as he buys a lot of stuff just for the name but if I can offer him a comparable alternative at a fraction of the cost he may go for it. If these clients *know* you, and *trust* you, and know anything about security, there is no reason why you couldn't get away with a self-signed cert. If not, http://www.instantssl.com/ Yes, I work for them. No, I won't make any comment comparing us to anyone else. No, I can't get you, or anyone else, a discount. No, I can't give you any support, tell you anything about the internal workings, or disclose any detail on security procedures. -- Mike Williams -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OT - SSL certificate authorities
Antoine wrote: Hi, We are going to set up ssl on a webserver at work and I guess that means we need a certificate... does anyone have any useful alternatives to Verisign? Are they really worth the name? We are not going to be doing any monetary transactions but our clients are very security conscious (who isn't!) and I have no experience in these matters. I am certain the boss will want verisign, as he buys a lot of stuff just for the name but if I can offer him a comparable alternative at a fraction of the cost he may go for it. Cheers Antoine I prefer Geotrust (http://www.geotrust.com/) to Verisign for third party signed certificates. Remember that your web server must be properly configured (http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html) in order to offer any real security. Best, Dave -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OT - SSL certificate authorities
On Tue, 15 Nov 2005, Antoine wrote: We are going to set up ssl on a webserver at work and I guess that means we need a certificate... does anyone have any useful alternatives to Verisign? Are they really worth the name? We are not going to be doing any monetary transactions but our clients are very security conscious (who isn't!) and I have no experience in these matters. I am certain the boss will want verisign, as he buys a lot of stuff just for the name but if I can offer him a comparable alternative at a fraction of the cost he may go for it. rapidssl.com Cheap and fast. -- -- gentoo-user@gentoo.org mailing list