Security Basics mailing list archives
RE: SSL Server IDs
From: "dave kleiman" <dave () isecureu com>
Date: Thu, 20 Nov 2003 20:00:25 -0500
I use thawte and have no problems with their certs. They have a very quick response time and are very friendly over the phone when you need help. Dave _______________________________ Dave Kleiman, CISSP, MCSE, CIFI dave () isecureu com www.SecurityBreachResponse.com "High achievement always takes place in the framework of high expectation." Jack Kinder -----Original Message----- From: Glenn Pearl [mailto:glennp () datasync com] Sent: Thursday, November 20, 2003 08:54 To: security-basics () securityfocus com Subject: RE: SSL Server IDs Is Verisign the only option? What are anyone's thoughts on Entrust or Thawte certs? Both of these seem to be as easily recognized by most browsers, and cheaper than Verisign, too. Glenn Pearl
-----Original Message----- From: ty kirk [mailto:ca_ca_ca_cooler () msn com] Sent: Wednesday, November 19, 2003 7:48 AM To: xphox () xphox net; security-basics () securityfocus com Subject: Re: SSL Server IDs How big is your company? If it's small and most of the usage is
internal,
then self-sign using a certificate authority and then trust the
certificate
authority through their browsers. But if you have many external
customers,
then it'll increase their confidence in your sites if you use
Verisign,
whether they are secure or not. My 2 cents.From: Nicholas Diotte <xphox () xphox net> To: security-basics () securityfocus com Subject: SSL Server IDs Date: 18 Nov 2003 18:01:48 -0000 Good afternoon list, I've been asked to find a way to enable SSL on all our products, the problem is they are spread accross multiple servers, and devices. Based on my current knowledge, I would assume that it is okay for me
to
self sign, and generate my own certificates. However the powers that
be,
do not want to have to confirm a message box each time they close
their
browser. So my question is the following: What is the difference between certificates? You can pay $400.00 for a VeriSign SuperCert, you can
pay
$99.00 from DirectNic, and you can generate them yourself. What are
the
advantages of going with VeriSign, vs. a smaller company. And what
are the
disadvantages of generating your own. Also, 2nd questions: Why not have a wildcard certificate?
*.domain.org.
And can you use the wildcard certificate on multiple devices. So I
guess,
can you copy the same key on multiple servers? This environment contains multiple webservers, mostly IIS, but some
Apache.
Thanks, Nick-----------------------------------------------------------------------
----
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE The Presidio integrates PGP data encryption and XML Web Services
security
to simplify the management and deployment of PGP and reduce overall PGP
costs
by up to 80%. FREE WHITEPAPER & 30 Day Trial -http://www.securityfocus.com/sponsor/ForumSystems_security-basics_03102
7
-----------------------------------------------------------------------
-----
_________________________________________________________________ online games and music with a high-speed Internet connection! Prices
start
at less than $1 a day average. https://broadband.msn.com (Prices may
vary
by service area.)
------------------------------------------------------------------------ ---
------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- SSL Server IDs Nicholas Diotte (Nov 18)
- RE: SSL Server IDs Bruce Davis (Nov 21)
- <Possible follow-ups>
- Re: SSL Server IDs ty kirk (Nov 19)
- RE: SSL Server IDs Glenn Pearl (Nov 20)
- Re: SSL Server IDs Steve (Nov 20)
- Re: SSL Server IDs Anders Reed-Mohn (Nov 24)
- Re: SSL Server IDs Todd (Nov 25)
- Re: SSL Server IDs Jimi Thompson (Nov 25)
- RE: SSL Server IDs Glenn Pearl (Nov 20)
- RE: SSL Server IDs dave kleiman (Nov 21)