Security Basics mailing list archives
Re: How can I secure my site?
From: Walter Goulet <wgoulet () gmail com>
Date: Mon, 3 May 2010 14:20:57 -0500
Hi,

The most significant difference between a certificate you create yourself (a self-signed certificate) vs. one you get from a CA is that users who visit your website will see a certificate error message, since the certificate is not signed by a root CA that is built into the browser. In order to avoid these errors, your users will have to accept the self-signed certificate as an exception that is stored permanently in their browser (until the certificate expires, when they will have to do it again).

In general, it is not a good security practice to use self-signed certificates except in very controlled, specific environments like corporate intranets or private networks. You will also find yourself bogged down supporting users who are wondering what the error message means and what steps they need to take to accept the certificate as an exception.

For a full ad nauseam treatment, I wrote a SANS gold paper on assessing enterprise PKI deployments which has some good background on certificates and how they are used in SSL:

http://www.sans.org/reading_room/whitepapers/auditing/analyzing-enterprise-pki-deployments_33284

Walter

On Sat, May 1, 2010 at 2:55 AM, Ali Asghar Toraby Parizy <aliasghar.toraby () gmail com> wrote:
Hello everybody. Thanks for your help.

I do not have an https folder on my host. When I asked my ISP they said that you must pay 50$ for each SSL certificate. What is the difference between an SSL certificate that we purchase from certificate authorities and others which are created by ourselves? Since I don't have an https folder on the host, how can I make it for myself?

Thanks for your consideration of these naive questions.

On Sat, May 1, 2010 at 10:17 AM, TAS <p0wnsauc3 () gmail com> wrote:

Hi Ali,

You can also have a self-signed certificate created for free. It will be pretty much the same as a paid certificate, but it's just that you yourself are gonna be the issuer as opposed to an authority like CA or Verisign.

Secondly, it will be a good idea to get a pentest done before you go live with the website. This pen test will pretty much take care of your concerns with regards to security. Once your business flourishes you can afford to buy a certificate.

Cheers
TAS!

Sent from BlackBerry® - Vodafone

-----Original Message-----
From: Ali Asghar Toraby Parizy <aliasghar.toraby () gmail com>
Date: Wed, 28 Apr 2010 09:12:40
To: <security-basics () securityfocus com>
Cc: Rockey <skg102 () gmail com>
Subject: Re: How can I secure my site?

Hi. Thanks for the reply.

I searched certificate authorities and I found that their certificates are very expensive. For example, the lowest security level by Verisign is 500$. How can I prepare cheaper certificates? My business is small and I can't refund for such expensive certificates.

Thanks for any help.

On Wed, Apr 28, 2010 at 8:29 AM, Rockey <skg102 () gmail com> wrote:

Hello,

Well, you can increase the level of security of your website by getting an SSL certificate for your website. Further, you can check for vulnerabilities, if there are any. OWASP is a good source for web application security. Check out and you may find some good programming practices for web.
Cheers,
Rockey

On Wed, Apr 28, 2010 at 2:21 AM, Ali Asghar Toraby Parizy <aliasghar.toraby () gmail com> wrote:

Hi

I have written a PHP website. In this site I sell some licenses and serial numbers. I need to protect serial numbers and user names and passwords against sniffers and crackers. Now I want to secure this site and encrypt sessions using https. What do I have to do?

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

It's all about Hacking and Security
http://h4ck3r.in/

Ali Asghar Torabi
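Added example, not part of the original thread: the difference between a self-signed and a CA-issued certificate that Walter describes can be reproduced with the openssl command line. The hostname shop.example.test and the file names are constructed for the demo, and openssl's default trust store stands in for the root CA list built into a browser.

```shell
#!/usr/bin/env bash
# Added demo; shop.example.test and the file names are constructed values.
workdir=$(mktemp -d)
cert="$workdir/cert.pem"

make_self_signed() {
    # -x509 makes "req" emit a certificate signed by its own new key
    # instead of a signing request to be sent to a CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=shop.example.test" \
        -keyout "$workdir/key.pem" -out "$cert" 2>/dev/null
}

is_self_issued() {
    # Self-signed: the issuer name is the certificate's own subject name.
    local subject issuer
    subject=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subject" ] && [ "$subject" = "$issuer" ]
}

trusted_by_default() {
    # Checked only against openssl's default trust store
    # (the stand-in for a browser's built-in root CAs).
    openssl verify "$cert" 2>&1 | grep -q ': OK$'
}

trusted_after_exception() {
    # The certificate itself is supplied as a trust anchor, which is
    # roughly what storing a permanent browser exception does.
    openssl verify -CAfile "$cert" "$cert" 2>&1 | grep -q ': OK$'
}

make_self_signed
is_self_issued && echo "issuer == subject (self-signed)"
if trusted_by_default; then echo "default store: trusted"
else echo "default store: NOT trusted (this is the browser warning)"; fi
if trusted_after_exception; then echo "after explicit exception: trusted"
else echo "after explicit exception: NOT trusted"; fi
```

The encryption is the same in both cases; what the self-signed certificate lacks is a signature chain to an issuer the client already trusts, so every client has to be told to trust it individually.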