[thelist] SSL Certificates

Jeff Howden jeff at jeffhowden.com
Tue Nov 18 19:18:28 CST 2003


walter,

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> From: jsWalter
>
> > Looking to buy an SSL certificate for a client and
> > wondering about recommendations...
>
> can I ask a stupid question here?
>
> What value does purchasing a SSL cert give you?
>
> Why do I need to buy one, when I can make one myself? My
> site has it's own that I rolled myself.
>
> No one has ever asked me about my cert, ever
> questioned it.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

the reason for purchasing is that the certificate comes from a root
certificate authority.  without that, every browser capable of ssl will warn
the user that they cert is not from a root certifictate authority and
therefore isn't guaranteed to be from/by who it claims to be from/by.  sure,
clicking "yes/ok" (instead of no/cancel) will still mean the transmission is
secured, but that interruption can be quite distracting and trust-eroding.

in an e-commerce situation, buying a cert that comes from a root certificate
authority is a must-do, not a nice-to-have.

that's why i brought up the issue of the geotrust ssl certs not working with
webtv.  webtv does not recognize the root authority used for geotrust certs
(equifax).  so, no ssl for that browser at all.  it can't even connect to
the site via https.

*most* browsers these days come with a number of root certificate
authorities already installed.  check the compatibility level for each
vendor when making your decision.

.jeff

——————————————————————————————————————————————————————
Jeff Howden - Web Application Specialist
Résumé - http://jeffhowden.com/about/resume/
Code Library - http://evolt.jeffhowden.com/jeff/code/



More information about the thelist mailing list