Hello, I've got a client who wants to go ssl. He's running a web server, smtp/pop, and ftps and imaps is coming as well. I'm looking for a wildcard ssl certificate i believe it's called but one on the budget plan. I am also wanting to ensure that the mod_ssl with httpd on the server is only using the strongest encryption methods and protocols. Thanks. Dave.
On Tue, 25 Aug 2009, Dave wrote:
I've got a client who wants to go ssl. He's running a web server, smtp/pop, and ftps and imaps is coming as well. I'm looking for a wildcard ssl certificate i believe it's called but one on the budget plan. I am also wanting to ensure that the mod_ssl with httpd on the server is only using the strongest encryption methods and protocols.
RapidSSL will see you a wildcard certificate for about $200:
http://www.rapidssl.com/ssl-certificate-products/rapidssl/usd/wildcard-ssl-c...
Configuring mod_ssl for decent crypto is pretty easy. This recipe has worked well for me:
SSLProtocol +SSLv3 +TLSv1 SSLCipherSuite HIGH:MEDIUM
You can see what you're getting by using the "openssl ciphers" command, e.g.,
openssl ciphers -v 'MEDIUM:HIGH'
-
Dave -
Paul Heinlein