[thelist] Homegrown SSL
Joshua Olson
joshua at waetech.com
Wed Mar 24 09:41:01 CST 2004
> -----Original Message-----
> From: Rob Smith
> Sent: Wednesday, March 24, 2004 9:24 AM
>
> Irrelevant. I have tried installation after installation. Because the cert
> is not verified through a valid certificate authority, you WILL get that
> prompt. If someone can out there can prevent the prompt with a
> homegrown'er, I am very interested in the solution. We've been facing the
> prompt for about two years now.
Preventing the prompt is a fairly straightforward process... simply install
on the server the chain of certificates that leads back to a root
certificate. The SSL handshaking will verify the chain and the prompt won't
appear. If you've homegrown your own certificate, this chain is not likely
to exist unless you've purchased authority from the root. This is typically
quite expensive. GeoTrust has a solution called GeoRoot, but they told me
it costs $75,000+! I spoke with someone this last weekend and they said
that you can get authority directly from Verisign for a couple thousand
dollars, but I couldn't dig anything up to corroborate this theory.
Honestly, since you can get certs for $39 from freessl.com ($29 as a
reseller, pay-as-you-go, no up-front deposit) that don't cause the prompt,
it may make sense to buy a cert since you'll save a few minutes here and
there on tech support calls regarding the prompt.
Just my 2cents.
<><><><><><><><><><>
Joshua Olson
Web Application Engineer
WAE Tech Inc.
http://www.waetech.com/service_areas/
706.210.0168
More information about the thelist
mailing list