[CentOS] Self-signed certificates
Johnny Hughes
mailing-lists at hughesjr.com
Tue Jan 24 11:06:33 UTC 2006
On Mon, 2006-01-23 at 22:18 -0500, Thomas E Dukes wrote:
>
> > -----Original Message-----
> > From: centos-bounces at centos.org
> > [mailto:centos-bounces at centos.org] On Behalf Of Jeff Lasman
> > Sent: Monday, January 23, 2006 9:51 PM
> > To: CentOS mailing list
> > Subject: Re: [CentOS] Self-signed certificates
> >
> > On Monday 23 January 2006 05:44 pm, Thomas E Dukes wrote:
> >
> > > I'm not trying to be cheap but this is a crock! 128 bit is 128 bit!
> > > Browsers should be able to recognize the encryption method, not the
> > > name. I mean, that's what its all about.
> >
> > Hmmmm... You've lost me again <frown>.
> >
> > If you mean cert distributors, you can buy certs for about
> > $10 from GoDaddy, and yes, browsers recognize them.
>
> Is that with their hosting package or can you buy it outright? And browsers
> will accept them without a "security alert"?
>
Their (godaddy) wildcard cert is $199.00/yr (turbo) or $299.00/yr (high
assurance)
Their individual site same certs are $19.99/yr (turbo) or $89.99 (high
assurance).
Here is the difference:
https://www.godaddy.com/gdshop/ssl/compare.asp?se=%2B&app%5Fhdr=99
For internal stuff, I would use only a signed certificate.
I created one for 10 years for my company for internal websites.
> >
> > If you mean the browser should recognize the cert as a cert
> > and not care about the name it's issued for, that can't work
> > because the purpose of a cert is to guarantee you're talking
> > to whom you think you're talking to. So the domain name has
> > to be in there.
>
That is why a wildcard cert is good. Many companies are doing wildcard
certs now. They are for *.yourdomain.com ... so mail.yourdomain.com and
www.yourdomain.com and test.yourdomain.com are all valid with that
certificate.
> The name I was referring to was the issuing authority not the domain name
> for which it was issued to.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.centos.org/pipermail/centos/attachments/20060124/fa06e37f/attachment.sig>
More information about the CentOS
mailing list