FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 08-02-2008, 05:34 PM
Thomas Cameron
 
Default Sorta OT - Cheap certificate authority?

Hey All -

I am setting up a project for a buddy on a shoe-string budget and we
need a site protected by SSL. Self-signed won't cut it. I looked at
Verisign and to get a basic SSL cert from them is going to cost more
than the whole hardware budget for the project!

Anyone have any recommendations for a cheap CA? Is there such a thing?

To put this on-topic, it will be hosted on a Fedora box. :-)

Cheers!
Thomas

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 08-02-2008, 06:06 PM
"Patrick O'Callaghan"
 
Default Sorta OT - Cheap certificate authority?

On Sat, 2008-08-02 at 12:34 -0500, Thomas Cameron wrote:
> Hey All -
>
> I am setting up a project for a buddy on a shoe-string budget and we
> need a site protected by SSL. Self-signed won't cut it. I looked at
> Verisign and to get a basic SSL cert from them is going to cost more
> than the whole hardware budget for the project!
>
> Anyone have any recommendations for a cheap CA? Is there such a thing?

You can set up your own for free, e.g. OpenCA. What you have to decide
is if you need the CA to be recognized automatically by the usual
suspects (FF, IE etc.) or if you can get your users to follow
instructions for loading the CA data into their browsers. If it's the
former, you're stuck with the paid versions. Thawte used to be cheap
compared to Verisign, but I don't know if that is still true.

poc



--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 08-02-2008, 06:48 PM
Bruno Wolff III
 
Default Sorta OT - Cheap certificate authority?

On Sat, Aug 02, 2008 at 12:34:27 -0500,
Thomas Cameron <thomas.cameron@camerontech.com> wrote:
> Hey All -
>
> I am setting up a project for a buddy on a shoe-string budget and we
> need a site protected by SSL. Self-signed won't cut it. I looked at

Why not? If you are interested in protection for the communications rather
than being involved with Verisign's protection racket then a self signed
certificate will work just fine. If you are worried about the latter, check
the list of CAs included by default in the browsers you expect your visitors
to be using and check out their prices.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 08-02-2008, 07:25 PM
Bryan Hepworth
 
Default Sorta OT - Cheap certificate authority?

Thomas Cameron wrote:


Hey All -

I am setting up a project for a buddy on a shoe-string budget and we
need a site protected by SSL. Self-signed won't cut it. I looked at
Verisign and to get a basic SSL cert from them is going to cost more
than the whole hardware budget for the project!

Anyone have any recommendations for a cheap CA? Is there such a thing?

To put this on-topic, it will be hosted on a Fedora box. :-)



cacert.org worked a treat for my mail server

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 08-02-2008, 07:27 PM
Thomas Cameron
 
Default Sorta OT - Cheap certificate authority?

On Sat, 2008-08-02 at 13:48 -0500, Bruno Wolff III wrote:
> On Sat, Aug 02, 2008 at 12:34:27 -0500,
> Thomas Cameron <thomas.cameron@camerontech.com> wrote:
> > Hey All -
> >
> > I am setting up a project for a buddy on a shoe-string budget and we
> > need a site protected by SSL. Self-signed won't cut it. I looked at
>
> Why not? If you are interested in protection for the communications rather
> than being involved with Verisign's protection racket then a self signed
> certificate will work just fine. If you are worried about the latter, check
> the list of CAs included by default in the browsers you expect your visitors
> to be using and check out their prices.

Because perception==reality. It will be publicly facing, and that whole
"Firefox will not allow you to access this site without accepting that
this is an untrusted CA" thing is off-putting for most members of the
general public.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 08-02-2008, 08:19 PM
Tom Horsley
 
Default Sorta OT - Cheap certificate authority?

On Sat, 02 Aug 2008 14:27:19 -0500
Thomas Cameron <thomas.cameron@camerontech.com> wrote:

> Because perception==reality. It will be publicly facing, and that whole
> "Firefox will not allow you to access this site without accepting that
> this is an untrusted CA" thing is off-putting for most members of the
> general public.

In that case be careful if you have any opensuse users of the site.
Depending on what software they are using there are at least three
(maybe more) SSL libs shipped in opensuse and each one of them
has a separate and disjoint set of root certificates (what fun), so
you might be able to access it with firefox, but not curl,
or openssl, etc.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 08-02-2008, 09:30 PM
Thomas Cameron
 
Default Sorta OT - Cheap certificate authority?

On Sat, 2008-08-02 at 16:19 -0400, Tom Horsley wrote:
> On Sat, 02 Aug 2008 14:27:19 -0500
> Thomas Cameron <thomas.cameron@camerontech.com> wrote:
>
> > Because perception==reality. It will be publicly facing, and that whole
> > "Firefox will not allow you to access this site without accepting that
> > this is an untrusted CA" thing is off-putting for most members of the
> > general public.
>
> In that case be careful if you have any opensuse users of the site.
> Depending on what software they are using there are at least three
> (maybe more) SSL libs shipped in opensuse and each one of them
> has a separate and disjoint set of root certificates (what fun), so
> you might be able to access it with firefox, but not curl,
> or openssl, etc.

The user base will be Windows users, but thanks. That's good to know.

Thomas

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 

Thread Tools




All times are GMT. The time now is 11:34 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org