Re: SSL certs
>From: Chris Francy [mailto:firstname.lastname@example.org]
>Sent: Wednesday, October 26, 2005 12:59 PM
>To: 'John Goerzen', email@example.com
>Subject: Re: SSL certs
>> My questions are:
>> 1. Who is a reputable SSL certificate authority, that is recognized
>> automatically by all modern browsers?
>I have been using geotrust.com and have had no problems with them.
>For just serving pages through https I would guess their 'quickssl'
>will probably be enough.
>> 2. We will have several different hosts, and thus different
>> running secure sites. Do we need to purchase a certificate for
>> each, or can we purchase a single certificate and use it to sign
>> the certs for the different hosts?
>Unless you pay big bucks you usually don't get a cert that allows you
>to sign other certs. Usually you need to purchase a certificate per
The certs that are "Wildcard" certs (*.domain.tld) are for as many sites on a "Single Server", not for multiple servers. I used geocert for my last one and it's not the cheapest but worked fine.
>> 3. Are there any resources out there on using commercial certs with
>> Debian? Any CAs that cater specifically to Debian?
>I am not aware of anything. Not sure what web server you are using but
>most things in the apache docs apply directly.
>Since you will have multiple names/certificates, watch out for this. You
>can only have one certificate per IP address+port. You will not be
>able to use certificates with name-based virtual hosts. Name-based
>virtual hosts cannot work because the SSL negotiation happens before
>the web server knows what the name is. This gave me a headache for a
>day before I re-read the docs and figured this out.
>That is my $0.02
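The one-certificate-per-IP-address-and-port layout described in the quoted reply, sketched as an Apache mod_ssl configuration. This is an added example, not part of the original thread; the addresses (documentation range 192.0.2.0/24), host names and file paths are placeholders.

```apache
# Constructed example: addresses, host names and paths are placeholders.
Listen 443

# Each secure site is bound to its own IP address, so the server can pick
# the certificate from the address the connection arrived on, before any
# host name has been sent.
<VirtualHost 192.0.2.10:443>
    ServerName www.example.org
    DocumentRoot /var/www/www.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.org.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.org.key
</VirtualHost>

<VirtualHost 192.0.2.11:443>
    ServerName shop.example.org
    DocumentRoot /var/www/shop.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/shop.example.org.crt
    SSLCertificateKeyFile /etc/ssl/private/shop.example.org.key
</VirtualHost>

# Layout to avoid under the constraint above: two SSL virtual hosts on the
# same address and port, told apart only by ServerName. Both would present
# the certificate of whichever block comes first, and visitors to the
# second name would get a host-name mismatch warning.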