Re: SSL certs
> ...
> My questions are:
>
> 1. Who is a reputable SSL certificate authority, that is recognized
> automatically by all modern browsers?
I have been using geotrust.com and have had no problems with them.
For just serving pages through https I would guess their 'quickssl'
will probably be enough.
> 2. We will have several different hosts, and thus different
> hostnames,
> running secure sites. Do we need to purchase a certificate for
> each, or can we purchase a single certificate and use it to sign
> the certs for the different hosts?
Unless you pay big bucks you usually don't get a cert that allowes you
to sign other certs. Usually you need to purchase a certificate per
site.
> 3. Are there any resources out there on using commercial certs with
> Debian? Any CAs that cater specifically to Debian?
I am not aware of anything. Not sure what web server you are using but
most things in the apache docs apply directly.
Since will have multiple names/certificates watch out for this. You
can only have one certificate per ip address+port. You will not be
able to use certificates with name-based virtual hosts. Name-based
virtual hosts cannot work because the SSL negotiation happesn before
the web server knows what the name is. This gave me a headache for a
day before I re-read the docs and figured this out.
That is my $0.02
Chris
Reply to:
- References:
- SSL certs
- From: John Goerzen <jgoerzen@complete.org>