View previous topic :: View next topic |
Author |
Message |
jeffjohn -
Joined: 02 May 2008 Posts: 38 Location: France 44290 or New Forest,UK
|
Posted: Mon Jan 19, 2009 1:23 pm Post subject: which certification authority |
|
|
Which ca do you have success with?
I am using "no-ip" with Abyss X1. When I tried the Verisign and the Thwarte trial certificates, they did not work. Two possible reasons occur to me; firstly that they are not compatible and secondly, as I entered under "Company" a name that probably they won't find registered, does this produce a non-compliant certificate - if so, can I leave this blank?
Have you found any reliable and free ways to get a working ca ?
Thanks Jeffjohn |
|
Back to top |
|
|
olly86 -
Joined: 25 Apr 2003 Posts: 993 Location: Wiltshire, UK
|
Posted: Tue Jan 20, 2009 1:50 am Post subject: |
|
|
It looks like your asking how to get a free SSL certificate certified / signed by a CA, this is not possible. You need to buy an SSL certificate from them.
You can get a cheapish cert from godaddy.com _________________ Olly |
|
Back to top |
|
|
Moxxnixx -
Joined: 21 Jun 2003 Posts: 1226 Location: Florida
|
Posted: Tue Jan 20, 2009 4:36 am Post subject: Re: which certification authority |
|
|
jeffjohn wrote: | Have you found any reliable and free ways to get a working ca ? | Check out StartCom Free SSL. They offer free yearly certificates.
Aprelium suggested them several months ago. They work very well. |
|
Back to top |
|
|
jeffjohn -
Joined: 02 May 2008 Posts: 38 Location: France 44290 or New Forest,UK
|
Posted: Tue Jan 20, 2009 9:46 am Post subject: SSL certs. |
|
|
Thanks for comments - I tried to use startSSL but the problem seemed to be that you can't register a sub-domain. i.e. myname.co.uk is fine and produces a certificate. but jeff.myname.no-ip.com can not be used. Hence my problem how do you get a cert that is acceptable on the WebServer using a no-ip service?
StartSSL kindly responded to my inquiry so if i get a solution, I'll post it. Unless of course, someone already can tell me!! jeffjohn |
|
Back to top |
|
|
jeffjohn -
Joined: 02 May 2008 Posts: 38 Location: France 44290 or New Forest,UK
|
Posted: Tue Jan 20, 2009 10:06 am Post subject: StartSSL |
|
|
Well i got a reply, but I'm about to give up!!!
QUOTE....
"First of all you have to load the mod_ssl module. Many distributions and packages have this module shipped by default, otherwise check the documentation of Apache how to do this.
To configure a default SSL/TLS aware virtual server, you should add at least the following lines to your httpd.conf or ssl.conf file:
LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost _default_:443>
DocumentRoot /home/httpd/private
ErrorLog /usr/local/apache/logs/error_log
TransferLog /usr/local/apache/logs/access_log
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /usr/local/apache/conf/ssl.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key
SSLCertificateChainFile /usr/local/apache/conf/sub.class1.server.ca.crt
SSLCACertificateFile /usr/local/apache/conf/ca.crt
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /usr/local/apache/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
Download the ca.crt and sub.class1.server.ca.crt for the above configuration. Make sure to change the path according to your apache installation. For windows you need to use something like c:\apache\httpd."
I feel pretty sure this is not the answer to my question! Any comments? |
|
Back to top |
|
|
jeffjohn -
Joined: 02 May 2008 Posts: 38 Location: France 44290 or New Forest,UK
|
Posted: Wed Jan 21, 2009 9:19 pm Post subject: dynamic DNS with Signed SSL certs. |
|
|
ok ...My understanding and progress so far... StartSSL enables an Authorised Signed Cert using a verifiable Domain and e-mail as authentication. However if you are using a dynamic IP address with say "no-ip" their sub-domain addressing format is not acceptable. I
proceeded with the Abyss Request Cert. my domain:myname.co.uk and my e-mail:name @myname.co.uk.
This eventually produces a signed authorised certificate. BUT for the domain supplied. This Cert can be inserted in to the Signed SSL Certificate Abyss Console and switch to HTTPS (443).
Accessing the Server, the Client will get "Unauthorised Site" warnings as the "no-ip" domain name is not recognised. Its origin though is clearly shown as yours. The Browser warning can then be over-ridden by choice, and access enabled. Whether this is an improvement on self-signed certification is a moot point!
I'm hoping someone more knowledgeable can throw more information and light on this subject! |
|
Back to top |
|
|
aprelium -
Joined: 22 Mar 2002 Posts: 6800
|
Posted: Sun Feb 08, 2009 4:25 pm Post subject: Re: StartSSL |
|
|
jeffjohn,
The instructions they sent you are specific to Apache. If you are using Abyss Web Server, we suggest that you refer to http://www.aprelium.com/abyssws/articles/request-cert-ca.html which provide similar instructions to perform the same action but using the console of our software.
Now, regarding a no-ip.com subdomain, it may be difficult to get a certificate for a subdomain you do not own. So the easiest to do is to register a top level domain name and use it with your no-ip.com account.
Getting a certificate for a top level domain name is not a problem as long as you can prove your identity (this depends on the certification authority but most of them do not care and will just check the domain name whois information and match them with yours). _________________ Support Team
Aprelium - http://www.aprelium.com |
|
Back to top |
|
|
jeffjohn -
Joined: 02 May 2008 Posts: 38 Location: France 44290 or New Forest,UK
|
Posted: Thu Feb 26, 2009 8:06 pm Post subject: |
|
|
Many thanks - that is indeed what I discovered; got the authorised certificate with my top-level domain name and e-mail address. Used that with Abyss and no-ip sub-domains - all works really fine, excepting that Browsers give a warning that CA addresses differ. In Mozilla Firefox a simple 'accept' command appears to work effortlessly and is remembered though IE7 is harder to persuade and WMA music play in Media Player is blocked. |
|
Back to top |
|
|
anybody -
Joined: 17 Mar 2008 Posts: 90
|
Posted: Sat Feb 28, 2009 1:35 am Post subject: Re: which certification authority |
|
|
Moxxnixx wrote: | jeffjohn wrote: | Have you found any reliable and free ways to get a working ca ? | Check out StartCom Free SSL. They offer free yearly certificates.
Aprelium suggested them several months ago. They work very well. | Yeah, they work only if they are known by the developers of, um, web browsers. I've been there and done that and now I just have to ask, have you tried your site/s in different web browsers lately?
Last time I checked their stuff didn't work with and still doesn't work with Internet Explorer. There is no freakin' way your going to run your own store if their stuff isn't recognized by every web browser out there. I'd seriously want something with allot more guarantee then StartCom.
StartCom wrote: | Where, when?
Many software vendors like Mozilla (Firefox) and Apple (Safari) provide built-in support of the StartCom Certification Authority. Sometimes however it's required to import our CA certificate into your browser. |
Last edited by anybody on Sun Mar 01, 2009 2:24 am; edited 1 time in total |
|
Back to top |
|
|
Moxxnixx -
Joined: 21 Jun 2003 Posts: 1226 Location: Florida
|
Posted: Sat Feb 28, 2009 4:48 am Post subject: Re: which certification authority |
|
|
anybody wrote: | Last time I checked their ~censored~ didn't work with and still doesn't work with Internet Explorer. There is no freakin' way your going to run your own store if their ~censored~ isn't recognized by every web browser out there. I'd seriously want something with allot more guarantee then StartCom. | It is highly advised to purchase a certificate from a reliable certificate authority if you plan to run an ecommerce site.
And no, I didn't test them on different browsers as I have no need for a certificate.
I was just testing the installation process when Aprelium first included the SSL option. |
|
Back to top |
|
|
jeffjohn -
Joined: 02 May 2008 Posts: 38 Location: France 44290 or New Forest,UK
|
Posted: Sat Feb 28, 2009 10:51 pm Post subject: |
|
|
well moxxnixx, I'm not expressing any favouritism but personally I found StartCom SSL to do everything it claimed; it is a brilliant free service. Are you sure you imported their CA certificate into your IE7 browser??
That said if trading commercially, then of course you would be advised to opt for recognised Verisign etc etc. who will idemnify you. |
|
Back to top |
|
|
Moxxnixx -
Joined: 21 Jun 2003 Posts: 1226 Location: Florida
|
Posted: Sat Feb 28, 2009 11:06 pm Post subject: |
|
|
jeffjohn,
I wasn't the one having problems with StartCom. It was the guy above my previous post. ;) |
|
Back to top |
|
|
anybody -
Joined: 17 Mar 2008 Posts: 90
|
Posted: Sun Mar 01, 2009 2:22 am Post subject: Re: which certification authority |
|
|
Moxxnixx wrote: | anybody wrote: | Last time I checked their ~censored~ didn't work with and still doesn't work with Internet Explorer. There is no freakin' way your going to run your own store if their ~censored~ isn't recognized by every web browser out there. I'd seriously want something with allot more guarantee then StartCom. | It is highly advised to purchase a certificate from a reliable certificate authority if you plan to run an ecommerce site.
And no, I didn't test them on different browsers as I have no need for a certificate.
I was just testing the installation process when Aprelium first included the SSL option. |
Your talking to a guru here man... You don't need to explain anything to me...
Why advise anything to anyone that can't give them a 100% guarantee? If all your doing is testing then StartCom is your best choice, after all they do have a free option but free is not always your best choice.
RapidSSL.com is your best choice they are cheap and they work with your common web browsers. The two that concern me the most are Firefox and Internet Explorer. They are the most widely used browsers in the world. That is a 100% guarantee. By the way CubeCart uses RapidSSL if you choose to test it out with different browsers. Another tip for you is RapidSSL is a reseller for GeoTrust and what is funny is how both of them aren't even on the list you found on wikipedia.org. ;-\ |
|
Back to top |
|
|
jeffjohn -
Joined: 02 May 2008 Posts: 38 Location: France 44290 or New Forest,UK
|
Posted: Wed Mar 04, 2009 10:10 pm Post subject: |
|
|
moxxnix - quite correct; my humblest apologies! jeffjohn
too much haste, I guess! _________________ jeffrey-john UK, and Loire Atlantique, France 44290.
Abyss Web Server and Genie6 FTP Server Naslite Storage Server, ZyXel gateway, VPN, and IP cams.
|
|
Back to top |
|
|
anybody -
Joined: 17 Mar 2008 Posts: 90
|
Posted: Thu Mar 05, 2009 9:29 am Post subject: |
|
|
Yeah, well, free must be your choice considering your asking for help with SSL for abyss x1 and no-ip.com. If you checked out that page on wikipedia.org that Moxxnixx posted you'd see that StartCom is not trusted by internet explorer at all so if this is something more then just testing then your just out of luck with anyone using internet explorer to access your site. |
|
Back to top |
|
|
venkat20 -
Joined: 10 Aug 2009 Posts: 1
|
Posted: Mon Aug 10, 2009 9:36 am Post subject: |
|
|
olly86 wrote: | It looks like your asking how to get a free SSL certificate certified / signed by a CA, this is not possible. You need to buy an SSL certificate from them.
You can get a cheapish cert from godaddy.com |
I got SSL Certificate in http://www.tucktail.com/ |
|
Back to top |
|
|
jeffjohn -
Joined: 02 May 2008 Posts: 38 Location: France 44290 or New Forest,UK
|
Posted: Mon Aug 10, 2009 5:59 pm Post subject: |
|
|
Yep- thanks guys , I can see that you are absolutely correct! jeffjohn _________________ jeffrey-john UK, and Loire Atlantique, France 44290.
Abyss Web Server and Genie6 FTP Server Naslite Storage Server, ZyXel gateway, VPN, and IP cams.
|
|
Back to top |
|
|
anybody -
Joined: 17 Mar 2008 Posts: 90
|
Posted: Wed Sep 02, 2009 10:07 pm Post subject: Re: which certification authority |
|
|
Moxxnixx wrote: | jeffjohn wrote: | Have you found any reliable and free ways to get a working ca ? | Check out StartCom Free SSL. They offer free yearly certificates.
Aprelium suggested them several months ago. They work very well. | They work only if your browser supports them; Firefox supports them but they do not work with internet explorer.
http://cert.startcom.org/ wrote: | Many software vendors like Mozilla (Firefox) and Apple (Safari) provide built-in support of the StartCom Certification Authority. Sometimes however it's required to import our CA certificate into your browser. | like internet explorer.
If your goal is to explore to learn new things then startcom.org is the answer for you. Now if your setting up a professional site that needs a 100% guarantee then startcom.org is not the answer. Your customer isn't going to take the time to install startcom.org's certificate just so it works with their chosen browser internet explorer. You can't do this for them. they have to make the choice on their own to install the certificate so their browser works with your site. |
|
Back to top |
|
|
|