[thelist] Homegrown SSL

Liam Delahunty liam at megaproducts.co.uk
Wed Mar 24 03:31:05 CST 2004 

on 24/03/2004 08:41 david.landy wrote:
> Rob,
> 
> "Home grown SSL cert"? Sounds v intruiging! I've often wondered how I could
> save myself forking out hundreds of £££ just for the privilege of having a
> secure site. Any clues how to do this?
> 
> David

A search with homegrown SSL led to the links below.

to create your own CA:
http://www.pseudonym.org/ssl/ssl_cook.html

Just to generate the cert on a server:
http://www.pseudonym.org/ssl/ssl_server_certs.html#request

http://www.tiad.buffalo.edu/CertRequest.html

Apache-SSL,
http://www.verisign.com/support/tlc/csr/ssleay/v01.html
apache mod_ssl
http://www.verisign.com/support/tlc/csr/modssl/v00.html

These are self signed certificates, for an example visit the site
https://www.onlinesales.co.uk/ and you'll probably get a pop-up from 
your browser telling you the certificate is okay but you haven't chosen 
to trust the CA. That's why we pay for thawte etc certs as they are 
already trusted by most browsers. I've not used them but a cheaper 
alternative is geotrust.

Can you do anything about your 13 line disclaimer / signature? At least 
put it after two dashes, a space and a newline"-- " so that decent email 
clients can either strip it off or (as in Thunderbird) fade it, I also 
believe that the digest readers will have it removed automatically (when 
I ran a little list it did it automatically)

From: http://www.newsreaders.com/gnksa/gnksa.txt
<quote>
15) Separate signatures correctly, and don't use excessive ones

Posting software SHOULD separate any signature appended to outgoing
articles from the main text with a line containing only `-- ' ("dash
dash space"). To quote son-of-rfc1036:

         <<If  a  poster or posting agent does append a signature to an
           article, the signature SHOULD be preceded with  a  delimiter
           line  containing  (only)  two hyphens (ASCII 45) followed by
           one blank (ASCII  32).   Posting  agents  SHOULD  limit  the
           length  of  signatures,  since  verbose  excess bordering on
           abuse is common if no restraint is imposed;  4  lines  is  a
           common limit.>>

Hence, posting software SHOULD prevent the user from using excessively
long signatures, or at least warn the user against it.  A widely
accepted standard is the so-called McQuary limit: up to 4 lines, each up
to a maximum of 80 characters.

Rationale: Being confronted with (possibly excessively long) signatures
repetitively is, or can be, annoying to many.  Being able to separate
the main text and the signature clearly is important, not only to
prevent the possible mistake of misinterpreting a signature, but also to
enable automatic signature suppression for those who wish to do so.
</quote>

-- 
Kind regards, Liam Delahunty, Mega Products Ltd
12 Bury Place, London WC1A 2JL Fax: +44(0)871 224 7891
http://www.megaproducts.co.uk/ Internet Design & Development

More information about the thelist mailing list