SourceForge Notes

SSL Certificates

Copyright 2009 by Stephen Vermeulen
Last updated: 2009 Jan 03
Tech Toys

100 23 able appear archive askslashdot aug cards center claim dec dedicated easy features firefox further height interesting link little man mozilla multiple name names notes offers options packages problems programs purchase recent search seems servers services setting src ssl started supply table talks text title updated where wild

See also:

SSL Certificate Notes

  • 2009-Jan-03: Some of the certificate authorities have problems with their registration process that allows attackers to submit requests for any domain. [7406]
  • 2008-Dec-25: This Slashdot article on man in the middle attacks with SSL certificates has some interesting (and rather disturbing) commentary on the state of "trusted" SSL certificates. It appears that at the moment little (if no) validation is being done by some of the trusted authorities. [7389]
  • 2008-Oct-12: The RapidSSL certificate from SERVERtastic is pretty easy to purchase. The process seems a bit backwards in that you pay for the certificate before entering any of the necessary details. After you take this leap of faith they then email you a link to processed with entering the details about your website for the certificate. You will also need to be able to generate a CSR (certificate signing request) and paste that into their form, for this you will probably need to have OpenSSL installed. They do supply the necessary commands to type to generate the CSR in their help pages. [7010]
  • 2008-Oct-11: SSL Shopper has some useful FAQs and comparision tables, there are also some comments from customers about various SSL vendors. [7009]
  • 2008-Oct-01: Obtaining root certificates for Python programs [6962]
  • 2008-Aug-22: An article that is critical (and justly so) about recent changes to the SSL certificate warnings in Firefox 3. This is discussed here on Slashdot. The approach I would favor would be to have two indicators: one to indicate that you are using SSL encryption to protect the communications with the web server and the second to indicate that you are talking to an authenticated web site. In this way if one was talking to a self-signed site (or one that is signed by an unrecognized authority) only the encrypted status would be shown. Of course this makes things a bit more complicated for the user, but it would be less intrusive than the current solution. More criticism of it here and here (with good screen captures) and further discussion on Slashdot here. [6628]
  • 2008-Jun-25: Slashdot discusses using self-signed certificates. [6425]
  • 2008-May-08: How to use Apache with SSL and trusted clients, where the clients also need certificates to authenticate. [6071]
  • 2008-Apr-25: Slashdot discusses Choosing an SSL Provider. [5970]
  • 2007-Nov-01: ServerTastic has SSL sertificates for as low as about $10/yr. [3908]
  • StartCom is a Free SSL Certificaiton Authority, they now have browser support from Firefox, Safari and Konqueror. In March'08 they introduced enhanced services, including new features like: multiple domain names and name wild cards, and are rebranding to StartSSL. [3405]
  • Jan-Piet Mens talks about CAcert certificates. [3404]
  • At the start of 2007 Extended SSL Certificates started to appear [3403]
  • offers server certificates from about $15/yr, they also have a 30-day free trial, so you can figure out how to fill in the details correctly. They claim their certificates will be trusted by over 99% of browsers. [3402]
  • EVL1Servers is a reseller of RapidSSL certificates, as is [3401]
  • Slashdot discusses sources of SSL certificates [3400]

              back to home