RE: Re[2]: OT: cheap CA certificates

2003-11-18 Thread kwills 
Here is one comparison of different SSL certificate choices and their
prices:

http://www.whichssl.com/ssl-certificate-comparison.html


--Kevin

-Original Message-
From: James Treworgy [mailto:[EMAIL PROTECTED]
Sent: Monday, November 17, 2003 2:12 PM
To: Goetz Babin-Ebell
Cc: [EMAIL PROTECTED]
Subject: Re[2]: OT: cheap CA certificates


Thawte is pretty cheap. $127 bucks through their ISP channel (anyone
can sign up) for a regular web cert, I am not sure you can do much better.

If it's not worth $127 a year, then I assume it's not for profit, e.g.
for internal use only or for a small number of users. In that case,
just use self-signed certificates. They're no less secure, they just
pop up a warning. Advise your users to add them to their root store
the first time they connect to your site and even that won't happen
anymore. We do this for all our internal secured sites.

-- Jamie

Monday, November 17, 2003, 3:05:23 PM, you wrote:

GBE Hello Eric,

GBE Eric Wood wrote:
 Where can I get cheap/reliable certs for a Apache that IE 5.5+ clients
will
 authorize against?  Thawte and Verisign have outpriced themselves.

GBE That depends on your definition of the terms cheap and reliable.

GBE But we offer client and server certs
GBE (low level client certs are still free)

GBE Bye

GBE Goetz




-- 
Best regards,
 Jamesmailto:[EMAIL PROTECTED]

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Possible fix for long domain names and mod_ssl

2002-04-22 Thread kwills 

I have encountered the same problem as Bernard L du Breuil dealing with with
long domain names and mod_ssl.

This change to mod_ssl.c in Apache 2.0.35 is from looking at a
ssl_engine_ext.c in mod_ssl version 2.8.8.

Kevin
[EMAIL PROTECTED]


*** mod_ssl.c0  Tue Apr  2 08:30:08 2002
--- mod_ssl.c   Mon Apr 22 10:37:46 2002
***
*** 259,264 
--- 259,265 
  static int ssl_hook_pre_connection(conn_rec *c, void *csd)
  {
  SSLSrvConfigRec *sc = mySrvConfig(c-base_server);
+ char *cpVHostID, *cpVHostMD5;
  SSL *ssl;
  SSLConnRec *sslconn = myConnConfig(c);
  modssl_ctx_t *mctx;
***
*** 312,320 
  return DECLINED; /* XXX */
  }

! if (!SSL_set_session_id_context(ssl,
! (unsigned char *)sc-vhost_id,
! sc-vhost_id_len))
  {
  ssl_log(c-base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
  Unable to set session id context to `%s', sc-vhost_id);
--- 313,321 
  return DECLINED; /* XXX */
  }

!   cpVHostID = ssl_util_vhostid(c-pool, c-base_server);
!   cpVHostMD5 = ap_md5(c-pool, (unsigned char *)cpVHostID);
!   if (!SSL_set_session_id_context(ssl, (unsigned char *)cpVHostMD5,
strlen(cpVHostMD5)))
  {
  ssl_log(c-base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
  Unable to set session id context to `%s', sc-vhost_id);
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]