[thelist] Certificate for non-profit

Bill Moseley moseley at hank.org
Mon Jun 12 16:11:48 CDT 2006


Maybe someone here has go though this lately.

A non-profit needs a certeficate for Apache.  They will collect
personal information, and plan to accept credit card transactions at
some point in the future.  They have a number of sub-domains, but at
this time only the top-level domain will handle ssl requests.

Anyone aware of CAs that provide discounts for non-profits?

Any favorite CAs?  I have these in my notes:

    http://geotrust.com
    http://instantssl.com
    http://starfieldtech.com/
    http://freessl.com
    http://godaddy.com

I'm not clear how to tell which ones are best supported by the
browsers (without the need of chaining). They all seem to claim 99%
recognition.  Any reason not to use a CA that requires chained
certificates?


BTW, my notes have this for creating a self-signed cert without a
password and a CSR.  Look correct?

    openssl genrsa -des3 -out domain.key 1024
    openssl rsa -in domain.key -out server.key
    openssl req -new -key server.key -x509 -out server.crt -days 999

Can't that first and second step be combined?

    openssl genrsa  -out domain.key 1024


Or maybe create the key and csr in one step:

    openssl req -new -nodes -keyout server.key -out server.csr




-- 
Bill Moseley
moseley at hank.org




More information about the thelist mailing list