which certification authority

 
Post new topic   Reply to topic    Aprelium Forum Index -> SSL/Certificates
View previous topic :: View next topic  
Author Message
jeffjohn
-


Joined: 02 May 2008
Posts: 38
Location: France 44290 or New Forest,UK

PostPosted: Mon Jan 19, 2009 1:23 pm    Post subject: which certification authority Reply with quote

Which ca do you have success with?
I am using "no-ip" with Abyss X1. When I tried the Verisign and the Thwarte trial certificates, they did not work. Two possible reasons occur to me; firstly that they are not compatible and secondly, as I entered under "Company" a name that probably they won't find registered, does this produce a non-compliant certificate - if so, can I leave this blank?

Have you found any reliable and free ways to get a working ca ?

Thanks Jeffjohn
Back to top View user's profile Send private message
olly86
-


Joined: 25 Apr 2003
Posts: 993
Location: Wiltshire, UK

PostPosted: Tue Jan 20, 2009 1:50 am    Post subject: Reply with quote

It looks like your asking how to get a free SSL certificate certified / signed by a CA, this is not possible. You need to buy an SSL certificate from them.

You can get a cheapish cert from godaddy.com
_________________
Olly
Back to top View user's profile Send private message
Moxxnixx
-


Joined: 21 Jun 2003
Posts: 1226
Location: Florida

PostPosted: Tue Jan 20, 2009 4:36 am    Post subject: Re: which certification authority Reply with quote

jeffjohn wrote:
Have you found any reliable and free ways to get a working ca ?
Check out StartCom Free SSL. They offer free yearly certificates.
Aprelium suggested them several months ago. They work very well.
Back to top View user's profile Send private message Visit poster's website
jeffjohn
-


Joined: 02 May 2008
Posts: 38
Location: France 44290 or New Forest,UK

PostPosted: Tue Jan 20, 2009 9:46 am    Post subject: SSL certs. Reply with quote

Thanks for comments - I tried to use startSSL but the problem seemed to be that you can't register a sub-domain. i.e. myname.co.uk is fine and produces a certificate. but jeff.myname.no-ip.com can not be used. Hence my problem how do you get a cert that is acceptable on the WebServer using a no-ip service?
StartSSL kindly responded to my inquiry so if i get a solution, I'll post it. Unless of course, someone already can tell me!! jeffjohn
Back to top View user's profile Send private message
jeffjohn
-


Joined: 02 May 2008
Posts: 38
Location: France 44290 or New Forest,UK

PostPosted: Tue Jan 20, 2009 10:06 am    Post subject: StartSSL Reply with quote

Well i got a reply, but I'm about to give up!!!

QUOTE....
"First of all you have to load the mod_ssl module. Many distributions and packages have this module shipped by default, otherwise check the documentation of Apache how to do this.

To configure a default SSL/TLS aware virtual server, you should add at least the following lines to your httpd.conf or ssl.conf file:

LoadModule ssl_module modules/mod_ssl.so

Listen 443

<VirtualHost _default_:443>
DocumentRoot /home/httpd/private
ErrorLog /usr/local/apache/logs/error_log
TransferLog /usr/local/apache/logs/access_log
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

SSLCertificateFile /usr/local/apache/conf/ssl.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key
SSLCertificateChainFile /usr/local/apache/conf/sub.class1.server.ca.crt
SSLCACertificateFile /usr/local/apache/conf/ca.crt
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /usr/local/apache/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>



Download the ca.crt and sub.class1.server.ca.crt for the above configuration. Make sure to change the path according to your apache installation. For windows you need to use something like c:\apache\httpd."

I feel pretty sure this is not the answer to my question! Any comments?
Back to top View user's profile Send private message
jeffjohn
-


Joined: 02 May 2008
Posts: 38
Location: France 44290 or New Forest,UK

PostPosted: Wed Jan 21, 2009 9:19 pm    Post subject: dynamic DNS with Signed SSL certs. Reply with quote

ok ...My understanding and progress so far... StartSSL enables an Authorised Signed Cert using a verifiable Domain and e-mail as authentication. However if you are using a dynamic IP address with say "no-ip" their sub-domain addressing format is not acceptable. I
proceeded with the Abyss Request Cert. my domain:myname.co.uk and my e-mail:name @myname.co.uk.
This eventually produces a signed authorised certificate. BUT for the domain supplied. This Cert can be inserted in to the Signed SSL Certificate Abyss Console and switch to HTTPS (443).
Accessing the Server, the Client will get "Unauthorised Site" warnings as the "no-ip" domain name is not recognised. Its origin though is clearly shown as yours. The Browser warning can then be over-ridden by choice, and access enabled. Whether this is an improvement on self-signed certification is a moot point!

I'm hoping someone more knowledgeable can throw more information and light on this subject!
Back to top View user's profile Send private message
aprelium
-


Joined: 22 Mar 2002
Posts: 6800

PostPosted: Sun Feb 08, 2009 4:25 pm    Post subject: Re: StartSSL Reply with quote

jeffjohn,

The instructions they sent you are specific to Apache. If you are using Abyss Web Server, we suggest that you refer to http://www.aprelium.com/abyssws/articles/request-cert-ca.html which provide similar instructions to perform the same action but using the console of our software.

Now, regarding a no-ip.com subdomain, it may be difficult to get a certificate for a subdomain you do not own. So the easiest to do is to register a top level domain name and use it with your no-ip.com account.

Getting a certificate for a top level domain name is not a problem as long as you can prove your identity (this depends on the certification authority but most of them do not care and will just check the domain name whois information and match them with yours).
_________________
Support Team
Aprelium - http://www.aprelium.com
Back to top View user's profile Send private message Send e-mail
jeffjohn
-


Joined: 02 May 2008
Posts: 38
Location: France 44290 or New Forest,UK

PostPosted: Thu Feb 26, 2009 8:06 pm    Post subject: Reply with quote

Many thanks - that is indeed what I discovered; got the authorised certificate with my top-level domain name and e-mail address. Used that with Abyss and no-ip sub-domains - all works really fine, excepting that Browsers give a warning that CA addresses differ. In Mozilla Firefox a simple 'accept' command appears to work effortlessly and is remembered though IE7 is harder to persuade and WMA music play in Media Player is blocked.
Back to top View user's profile Send private message
anybody
-


Joined: 17 Mar 2008
Posts: 90

PostPosted: Sat Feb 28, 2009 1:35 am    Post subject: Re: which certification authority Reply with quote

Moxxnixx wrote:
jeffjohn wrote:
Have you found any reliable and free ways to get a working ca ?
Check out StartCom Free SSL. They offer free yearly certificates.
Aprelium suggested them several months ago. They work very well.
Yeah, they work only if they are known by the developers of, um, web browsers. I've been there and done that and now I just have to ask, have you tried your site/s in different web browsers lately?

Last time I checked their stuff didn't work with and still doesn't work with Internet Explorer. There is no freakin' way your going to run your own store if their stuff isn't recognized by every web browser out there. I'd seriously want something with allot more guarantee then StartCom.

StartCom wrote:
Where, when?

Many software vendors like Mozilla (Firefox) and Apple (Safari) provide built-in support of the StartCom Certification Authority. Sometimes however it's required to import our CA certificate into your browser.


Last edited by anybody on Sun Mar 01, 2009 2:24 am; edited 1 time in total
Back to top View user's profile Send private message
Moxxnixx
-


Joined: 21 Jun 2003
Posts: 1226
Location: Florida

PostPosted: Sat Feb 28, 2009 4:48 am    Post subject: Re: which certification authority Reply with quote

anybody wrote:
Last time I checked their ~censored~ didn't work with and still doesn't work with Internet Explorer. There is no freakin' way your going to run your own store if their ~censored~ isn't recognized by every web browser out there. I'd seriously want something with allot more guarantee then StartCom.
It is highly advised to purchase a certificate from a reliable certificate authority if you plan to run an ecommerce site.

And no, I didn't test them on different browsers as I have no need for a certificate.
I was just testing the installation process when Aprelium first included the SSL option.
Back to top View user's profile Send private message Visit poster's website
jeffjohn
-


Joined: 02 May 2008
Posts: 38
Location: France 44290 or New Forest,UK

PostPosted: Sat Feb 28, 2009 10:51 pm    Post subject: Reply with quote

well moxxnixx, I'm not expressing any favouritism but personally I found StartCom SSL to do everything it claimed; it is a brilliant free service. Are you sure you imported their CA certificate into your IE7 browser??

That said if trading commercially, then of course you would be advised to opt for recognised Verisign etc etc. who will idemnify you.
Back to top View user's profile Send private message
Moxxnixx
-


Joined: 21 Jun 2003
Posts: 1226
Location: Florida

PostPosted: Sat Feb 28, 2009 11:06 pm    Post subject: Reply with quote

jeffjohn,
I wasn't the one having problems with StartCom. It was the guy above my previous post. ;)
Back to top View user's profile Send private message Visit poster's website
anybody
-


Joined: 17 Mar 2008
Posts: 90

PostPosted: Sun Mar 01, 2009 2:22 am    Post subject: Re: which certification authority Reply with quote

Moxxnixx wrote:
anybody wrote:
Last time I checked their ~censored~ didn't work with and still doesn't work with Internet Explorer. There is no freakin' way your going to run your own store if their ~censored~ isn't recognized by every web browser out there. I'd seriously want something with allot more guarantee then StartCom.
It is highly advised to purchase a certificate from a reliable certificate authority if you plan to run an ecommerce site.

And no, I didn't test them on different browsers as I have no need for a certificate.
I was just testing the installation process when Aprelium first included the SSL option.

Your talking to a guru here man... You don't need to explain anything to me...

Why advise anything to anyone that can't give them a 100% guarantee? If all your doing is testing then StartCom is your best choice, after all they do have a free option but free is not always your best choice.

RapidSSL.com is your best choice they are cheap and they work with your common web browsers. The two that concern me the most are Firefox and Internet Explorer. They are the most widely used browsers in the world. That is a 100% guarantee. By the way CubeCart uses RapidSSL if you choose to test it out with different browsers. Another tip for you is RapidSSL is a reseller for GeoTrust and what is funny is how both of them aren't even on the list you found on wikipedia.org. ;-\
Back to top View user's profile Send private message
jeffjohn
-


Joined: 02 May 2008
Posts: 38
Location: France 44290 or New Forest,UK

PostPosted: Wed Mar 04, 2009 10:10 pm    Post subject: Reply with quote

moxxnix - quite correct; my humblest apologies! jeffjohn

too much haste, I guess!
_________________
jeffrey-john UK, and Loire Atlantique, France 44290.
Abyss Web Server and Genie6 FTP Server Naslite Storage Server, ZyXel gateway, VPN, and IP cams.

Back to top View user's profile Send private message
anybody
-


Joined: 17 Mar 2008
Posts: 90

PostPosted: Thu Mar 05, 2009 9:29 am    Post subject: Reply with quote

Yeah, well, free must be your choice considering your asking for help with SSL for abyss x1 and no-ip.com. If you checked out that page on wikipedia.org that Moxxnixx posted you'd see that StartCom is not trusted by internet explorer at all so if this is something more then just testing then your just out of luck with anyone using internet explorer to access your site.
Back to top View user's profile Send private message
venkat20
-


Joined: 10 Aug 2009
Posts: 1

PostPosted: Mon Aug 10, 2009 9:36 am    Post subject: Reply with quote

olly86 wrote:
It looks like your asking how to get a free SSL certificate certified / signed by a CA, this is not possible. You need to buy an SSL certificate from them.

You can get a cheapish cert from godaddy.com


I got SSL Certificate in http://www.tucktail.com/
Back to top View user's profile Send private message
jeffjohn
-


Joined: 02 May 2008
Posts: 38
Location: France 44290 or New Forest,UK

PostPosted: Mon Aug 10, 2009 5:59 pm    Post subject: Reply with quote

Yep- thanks guys , I can see that you are absolutely correct! jeffjohn
_________________
jeffrey-john UK, and Loire Atlantique, France 44290.
Abyss Web Server and Genie6 FTP Server Naslite Storage Server, ZyXel gateway, VPN, and IP cams.

Back to top View user's profile Send private message
anybody
-


Joined: 17 Mar 2008
Posts: 90

PostPosted: Wed Sep 02, 2009 10:07 pm    Post subject: Re: which certification authority Reply with quote

Moxxnixx wrote:
jeffjohn wrote:
Have you found any reliable and free ways to get a working ca ?
Check out StartCom Free SSL. They offer free yearly certificates.
Aprelium suggested them several months ago. They work very well.
They work only if your browser supports them; Firefox supports them but they do not work with internet explorer.

http://cert.startcom.org/ wrote:
Many software vendors like Mozilla (Firefox) and Apple (Safari) provide built-in support of the StartCom Certification Authority. Sometimes however it's required to import our CA certificate into your browser.
like internet explorer.

If your goal is to explore to learn new things then startcom.org is the answer for you. Now if your setting up a professional site that needs a 100% guarantee then startcom.org is not the answer. Your customer isn't going to take the time to install startcom.org's certificate just so it works with their chosen browser internet explorer. You can't do this for them. they have to make the choice on their own to install the certificate so their browser works with your site.
Back to top View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> SSL/Certificates All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group