You can generate your own certificates with OpenSSL, but you
need to either get your root certificate into every piece of
verifying software (browser), or else get all your users to
manually accept each certificate, which greatly reduces
security (because, with no way to know any better, they will
just accept any counterfeit certificate without question,
so your ADVERSARY can use OpenSSL to generate the counterfeits
to attack you with).
The justification for the cost of commercial certificates is
that the commercial CA has paid a significant fraction of a
million US dollars to both Microsoft and Netscape in order to
put their commercial root into the generally distributed
binaries of IE and Navigator.
We buy our commercial certificates from Thawte. We have a
web-based mechanism for downloading our local root into the
various web browsers, after doing so, our locally generated
certificates (generated by a web app that is a few thousand
lines of Perl wrapped around OpenSSL) are just as good as
the commercial ones.
Hope this helps!
Ryan Schefke wrote:
Me for asking this question, I'm just not sure where to start but with the
experts here.
I'm moving my PHP and MySQL application to a hosting server. Currently, I'm
looking at 1and1.com's dedicated servers on a Linux machine for $49/month
(let me know if there are better choices). One problem though, the
dedicated server, unlike a shared server, does not have a SSL certificate.
So, I need one. Can anyone recommend a low cost (preferably free), and easy
to install (since I have to do it myself) SSL Cert?
Thanks,
Ryan
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
--
Charles B (Ben) Cranston
mailto: [EMAIL PROTECTED]
http://www.wam.umd.edu/~zben
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
