[CentOS] Self-signed certificates

Tue Jan 24 11:06:33 UTC 2006
Johnny Hughes <mailing-lists at hughesjr.com>

On Mon, 2006-01-23 at 22:18 -0500, Thomas E Dukes wrote:
>  
> > -----Original Message-----
> > From: centos-bounces at centos.org 
> > [mailto:centos-bounces at centos.org] On Behalf Of Jeff Lasman
> > Sent: Monday, January 23, 2006 9:51 PM
> > To: CentOS mailing list
> > Subject: Re: [CentOS] Self-signed certificates
> > 
> > On Monday 23 January 2006 05:44 pm, Thomas E Dukes wrote:
> > 
> > > I'm not trying to be cheap but this is a crock!  128 bit is 128 bit!
> > > Browsers should be able to recognize the encryption method, not the 
> > > name.  I mean, that's what its all about.
> > 
> > Hmmmm... You've lost me again <frown>.
> > 
> > If you mean cert distributors, you can buy certs for about 
> > $10 from GoDaddy, and yes, browsers recognize them.
> 
> Is that with their hosting package or can you buy it outright?  And browsers
> will accept them without a "security alert"?
> 
Their (godaddy) wildcard cert is $199.00/yr (turbo) or $299.00/yr (high
assurance)

Their individual site same certs are $19.99/yr (turbo) or $89.99 (high
assurance).

Here is the difference:
https://www.godaddy.com/gdshop/ssl/compare.asp?se=%2B&app%5Fhdr=99

For internal stuff, I would use only a signed certificate.

I created one for 10 years for my company for internal websites.

> > 
> > If you mean the browser should recognize the cert as a cert 
> > and not care about the name it's issued for, that can't work 
> > because the purpose of a cert is to guarantee you're talking 
> > to whom you think you're talking to.  So the domain name has 
> > to be in there.
> 

That is why a wildcard cert is good.  Many companies are doing wildcard
certs now.  They are for *.yourdomain.com ... so mail.yourdomain.com and
www.yourdomain.com and test.yourdomain.com are all valid with that
certificate.

> The name I was referring to was the issuing authority not the domain name
> for which it was issued to.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.centos.org/pipermail/centos/attachments/20060124/fa06e37f/attachment-0005.sig>