Security Basics mailing list archives

RE: SSL Server IDs


From: "Bruce Davis" <talesian () istop com>
Date: Thu, 20 Nov 2003 23:53:26 -0500

In my company I had the unfortunate issue of an insistence from above to use
Verisign, however the good news is that Verisign has a program where if you
are getting a significant number of certs and are willing to pay up front
you can get a discount on the price as well as being able to issue them
yourself through a website application. This is handy if you have a rough
idea of how many you're going to need but the renewals occur throughout the
year. I would imagine that the other companies must have something similar.
Believe me it's real handy to have on a weekend when one of your sites goes
down because it uses a cert that you weren't told about and there's no
manager about to make the purchase of the cert for you.
I realise it doesn't answer your question but it does give you an additional
feature to ask about when choosing a vendor.

-----Original Message-----
From: Nicholas Diotte [mailto:xphox () xphox net]
Sent: November 18, 2003 1:02 PM
To: security-basics () securityfocus com
Subject: SSL Server IDs




Good afternoon list,

I've been asked to find a way to enable SSL on all our products, the problem
is they are spread across multiple servers, and devices.

Based on my current knowledge, I would assume that it is okay for me to self
sign, and generate my own certificates.  However the powers that be, do not
want to have to confirm a message box each time they close their browser.

So my question is the following:  What is the difference between
certificates?  You can pay $400.00 for a VeriSign SuperCert, you can pay
$99.00 from DirectNic, and you can generate them yourself.  What are the
advantages of going with VeriSign, vs. a smaller company.  And what are the
disadvantages of generating your own.

Also, 2nd question:  Why not have a wildcard certificate? *.domain.org.
And can you use the wildcard certificate on multiple devices.  So I guess,
can you copy the same key on multiple servers?

This environment contains multiple webservers, mostly IIS, but some Apache.

Thanks,
Nick
