RE: Re[2]: OT: cheap CA certificates
Here is one comparison of different SSL certificate choices and their prices:
http://www.whichssl.com/ssl-certificate-comparison.html

--Kevin

-----Original Message-----
From: James Treworgy [mailto:[EMAIL PROTECTED]
Sent: Monday, November 17, 2003 2:12 PM
To: Goetz Babin-Ebell
Cc: [EMAIL PROTECTED]
Subject: Re[2]: OT: cheap CA certificates

Thawte is pretty cheap. $127 bucks through their ISP channel (anyone can sign up) for a regular web cert, I am not sure you can do much better.

If it's not worth $127 a year, then I assume it's not for profit, e.g. for internal use only or for a small number of users. In that case, just use self-signed certificates. They're no less secure, they just pop up a warning. Advise your users to add them to their root store the first time they connect to your site and even that won't happen anymore. We do this for all our internal secured sites.

-- Jamie

Monday, November 17, 2003, 3:05:23 PM, you wrote:

GBE> Hello Eric,

GBE> Eric Wood wrote:
GBE>> Where can I get cheap/reliable certs for an Apache that IE 5.5+ clients will authorize against? Thawte and Verisign have outpriced themselves.

GBE> That depends on your definition of the terms cheap and reliable.
GBE> But we offer client and server certs
GBE> (low level client certs are still free)

GBE> Bye

GBE> Goetz

--
Best regards,
James mailto:[EMAIL PROTECTED]

__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Possible fix for long domain names and mod_ssl
I have encountered the same problem as Bernard L du Breuil dealing with long domain names and mod_ssl. This change to mod_ssl.c in Apache 2.0.35 is from looking at a ssl_engine_ext.c in mod_ssl version 2.8.8.

Kevin [EMAIL PROTECTED]

*** mod_ssl.c0 Tue Apr 2 08:30:08 2002 --- mod_ssl.c Mon Apr 22 10:37:46 2002 *** *** 259,264 --- 259,265 static int ssl_hook_pre_connection(conn_rec *c, void *csd) { SSLSrvConfigRec *sc = mySrvConfig(c-base_server); + char *cpVHostID, *cpVHostMD5; SSL *ssl; SSLConnRec *sslconn = myConnConfig(c); modssl_ctx_t *mctx; *** *** 312,320 return DECLINED; /* XXX */ } ! if (!SSL_set_session_id_context(ssl, ! (unsigned char *)sc-vhost_id, ! sc-vhost_id_len)) { ssl_log(c-base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR, Unable to set session id context to `%s', sc-vhost_id); --- 313,321 return DECLINED; /* XXX */ } ! cpVHostID = ssl_util_vhostid(c-pool, c-base_server); ! cpVHostMD5 = ap_md5(c-pool, (unsigned char *)cpVHostID); ! if (!SSL_set_session_id_context(ssl, (unsigned char *)cpVHostMD5, strlen(cpVHostMD5))) { ssl_log(c-base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR, Unable to set session id context to `%s', sc-vhost_id);
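Review bot: in the second hunk (new lines 313-321) the ssl_log call on failure still prints sc-vhost_id, but the value now handed to SSL_set_session_id_context is cpVHostMD5, so the error line reports a string that was never used as the context. Log cpVHostID together with cpVHostMD5 there so a failure can be matched to the virtual host and to the actual context bytes. The same hunk also recomputes ssl_util_vhostid and an MD5 on every call to ssl_hook_pre_connection although the old code shows that sc-vhost_id and sc-vhost_id_len are already held in the server config; hashing that stored value once and caching the digest in the config record would avoid the per-connection work. A short comment above the ap_md5 call saying that the 32-character hex digest is used because it fits OpenSSL's 32-byte session id context limit would explain why the raw vhost id is no longer passed.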