[thelist] Certificate for non-profit
Bill Moseley
moseley at hank.org
Mon Jun 12 16:11:48 CDT 2006
Maybe someone here has go though this lately.
A non-profit needs a certeficate for Apache. They will collect
personal information, and plan to accept credit card transactions at
some point in the future. They have a number of sub-domains, but at
this time only the top-level domain will handle ssl requests.
Anyone aware of CAs that provide discounts for non-profits?
Any favorite CAs? I have these in my notes:
http://geotrust.com
http://instantssl.com
http://starfieldtech.com/
http://freessl.com
http://godaddy.com
I'm not clear how to tell which ones are best supported by the
browsers (without the need of chaining). They all seem to claim 99%
recognition. Any reason not to use a CA that requires chained
certificates?
BTW, my notes have this for creating a self-signed cert without a
password and a CSR. Look correct?
openssl genrsa -des3 -out domain.key 1024
openssl rsa -in domain.key -out server.key
openssl req -new -key server.key -x509 -out server.crt -days 999
Can't that first and second step be combined?
openssl genrsa -out domain.key 1024
Or maybe create the key and csr in one step:
openssl req -new -nodes -keyout server.key -out server.csr
--
Bill Moseley
moseley at hank.org
More information about the thelist
mailing list