[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSL certs



> ... 
> My questions are:
> 
> 1. Who is a reputable SSL certificate authority, that is recognized
>    automatically by all modern browsers?  

I have been using geotrust.com and have had no problems with them.

For just serving pages through https I would guess their 'quickssl'
will probably be enough.

> 2. We will have several different hosts, and thus different
> hostnames,
>    running secure sites.  Do we need to purchase a certificate for
>    each, or can we purchase a single certificate and use it to sign
>    the certs for the different hosts?

Unless you pay big bucks you usually don't get a cert that allowes you
to sign other certs.  Usually you need to purchase a certificate per
site.

> 3. Are there any resources out there on using commercial certs with
>    Debian?  Any CAs that cater specifically to Debian?

I am not aware of anything.  Not sure what web server you are using but
most things in the apache docs apply directly.


Since will have multiple names/certificates watch out for this.  You
can only have one certificate per ip address+port.  You will not be
able to use certificates with name-based virtual hosts.  Name-based
virtual hosts cannot work because the SSL negotiation happesn before
the web server knows what the name is.  This gave me a headache for a
day before I re-read the docs and figured this out.

That is my $0.02

Chris



Reply to: