[CentOS] ssl certificate, maximum protection, on the budget?

Wed Aug 26 13:57:24 UTC 2009
Paul Heinlein <heinlein at madboa.com>

On Tue, 25 Aug 2009, Dave wrote:

> I've got a client who wants to go ssl. He's running a web server, 
> smtp/pop, and ftps and imaps is coming as well. I'm looking for a 
> wildcard ssl certificate i believe it's called but one on the budget 
> plan. I am also wanting to ensure that the mod_ssl with httpd on the 
> server is only using the strongest encryption methods and protocols.

RapidSSL will see you a wildcard certificate for about $200:

   http://www.rapidssl.com/ssl-certificate-products/rapidssl/usd/wildcard-ssl-certificate.htm

Configuring mod_ssl for decent crypto is pretty easy. This recipe has 
worked well for me:

   SSLProtocol +SSLv3 +TLSv1
   SSLCipherSuite HIGH:MEDIUM

You can see what you're getting by using the "openssl ciphers" 
command, e.g.,

   openssl ciphers -v 'MEDIUM:HIGH'

-- 
Paul Heinlein <> heinlein at madboa.com <> www.madboa.com