On Mon, 2006-01-23 at 22:18 -0500, Thomas E Dukes wrote:
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Jeff Lasman Sent: Monday, January 23, 2006 9:51 PM To: CentOS mailing list Subject: Re: [CentOS] Self-signed certificates
On Monday 23 January 2006 05:44 pm, Thomas E Dukes wrote:
I'm not trying to be cheap but this is a crock! 128 bit is 128 bit! Browsers should be able to recognize the encryption method, not the name. I mean, that's what its all about.
Hmmmm... You've lost me again <frown>.
If you mean cert distributors, you can buy certs for about $10 from GoDaddy, and yes, browsers recognize them.
Is that with their hosting package or can you buy it outright? And browsers will accept them without a "security alert"?
Their (godaddy) wildcard cert is $199.00/yr (turbo) or $299.00/yr (high assurance)
Their individual site same certs are $19.99/yr (turbo) or $89.99 (high assurance).
Here is the difference: https://www.godaddy.com/gdshop/ssl/compare.asp?se=%2B&app%5Fhdr=99
For internal stuff, I would use only a signed certificate.
I created one for 10 years for my company for internal websites.
If you mean the browser should recognize the cert as a cert and not care about the name it's issued for, that can't work because the purpose of a cert is to guarantee you're talking to whom you think you're talking to. So the domain name has to be in there.
That is why a wildcard cert is good. Many companies are doing wildcard certs now. They are for *.yourdomain.com ... so mail.yourdomain.com and www.yourdomain.com and test.yourdomain.com are all valid with that certificate.
The name I was referring to was the issuing authority not the domain name for which it was issued to.