What a lovely thread this is, and it brings up many unanswered questions.
I am running a commercial server. I want to use SSL. I have the RPM that
was generously made available on the Contrib site. I am in the US.
So what I want to know is this:
Do I need an RSA License or not? I plan to get my certificate from
Verisign, will they deny me a certificate if I dont have an RSA license
too? If I need one (and I really hate to buy one if I dont need it) how do
I get one (a url with direction would be handy please)?
Thanks again for all the help.
At 11:40 PM 5/21/99 +0200, you wrote:
>On Fri, May 21, 1999 at 11:05:38AM -0400, Adam D. McKenna wrote:
>> From: Bodo Moeller <[EMAIL PROTECTED]>
>
>>>> From what I've heard even RSAREF is not legal to use inside the US
>>>> for commercial purposes. However, verisign (a division of RSA)
>>>> does not have a problem issuing certificates for servers running
>>>> OpenSSL (SSLeay is actually what is mentioned). They say this on
>>>> their homepage and there is no mention of RSAREF. This leads me
>>>> to believe that RSA really doesn't care about people using OpenSSL
>>>> (with RSAREF or without) within the US.
>
>>> There are commercial web-servers based on SSLeay/OpenSSL that are
>>> legal to use in the US. Plus, if you desperately want to use a free
>>> one, you can obtain an RSA license yourself -- but it'll likely be
>>> much more costly than buying a commercial derivate of Apache.
>
>> That's not what I meant. What I was saying is that Verisign condones and
>> supports the use of "freeware apache", and will issue certificates for it.
>> Are you saying that this implies that the users of "freeware apache" have
>> also purchased an RSA license? That's not how I read it. But you are free
>> to look for yourself at
>> http://digitalid.verisign.com/server/apacheNotice.htm
>
>I see, they directly refer to freeware. But Verisign has customers
>not only in the U.S., and not every use of a HTTPS server is
>commercial (as defined by the RSAREF license); so there are various
>possibilities to get a Verisign certificate without buying a patent
>license and without violating patents.
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]