From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.50)
	id 1EcPIe-000165-VR
	for garchives@archives.gentoo.org; Wed, 16 Nov 2005 15:34:17 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.13.5/8.13.5) with SMTP id jAGFWkbQ029799;
	Wed, 16 Nov 2005 15:32:46 GMT
Received: from popmail.jettissystems.com (popmail.jettissystems.com [38.118.146.212])
	by robin.gentoo.org (8.13.5/8.13.5) with ESMTP id jAGFOBAQ027468
	for <gentoo-user@lists.gentoo.org>; Wed, 16 Nov 2005 15:24:12 GMT
Received: from [192.168.1.75] (adsl-70-228-32-214.dsl.chcgil.ameritech.net [70.228.32.214])
	by popmail.jettissystems.com (Postfix) with ESMTP id 948C156D482
	for <gentoo-user@lists.gentoo.org>; Wed, 16 Nov 2005 07:24:10 -0800 (PST)
Message-ID: <437B4F19.6030903@badapple.net>
Date: Wed, 16 Nov 2005 09:24:09 -0600
From: kashani <kashani-list@badapple.net>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] OT - SSL certificate authorities
References: <437A4861.7050500@gmail.com>
In-Reply-To: <437A4861.7050500@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Archives-Salt: 61fafa2c-595f-45b3-8601-c3778076e6ab
X-Archives-Hash: e28ff6bd5ca353f39b21a339bce7d542

Antoine wrote:
> Hi,
> We are going to set up ssl on a webserver at work and I guess that means 
> we need a certificate... does anyone have any useful alternatives to 
> Verisign? Are they really worth the name?
> We are not going to be doing any monetary transactions but our clients 
> are very security conscious (who isn't!) and I have no experience in 
> these matters. I am certain the boss will want verisign, as he buys a 
> lot of stuff just for the name but if I can offer him a comparable 
> alternative at a fraction of the cost he may go for it.

	We've got a number of customers that use Geotrust which is 
significantly cheaper than Verisign/Thwate. Someone also uses Starfield 
which is dirt cheap.

	There is a technical issue when using certs no one has ever heard of 
before. Many times their cert company's root certs or whatever are not 
in the user's browser. In order to fix this you'll need install the cert 
company's intermediate cert or chain cert on your server so that the 
broswer can chain your new cert to a cert it already trusts.

SSLCACertificateFile conf/ssl.crt/starfield-chain.crt

kashani
-- 
gentoo-user@gentoo.org mailing list