Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
December 19, 2005, 9:55 pm
rate this thread
that offers no security or encryption unless I buy a certificate from them
or a third party like verisign.
If I try to open my site using httpS://, a prompt pops up telling me the
cert is not certified by anyone and do I want to accept it.
I accept it and there is a locked key in the browser.
Is the traffic encrypted (thus the tech is wrong)?
It is interesting in that the hosting company's login has the SAME prompt
when logging in.
Re: successfully installed openssl on hosted server - host says there i sno security unless I buy separate certificate - is that right?
This is standard (and "the" standard) behavior. Ie., do _you_ trust
that this is a legit cert?
And the protocol in the browser's url is https -- note the added "s"
(as in secure) -- so long as you're using ssl/https.
The tech is clueless :-) Try sniffing the traffic with ethereal.
Anyone can generate a certificate with whatever location, etc. info
they please. The purpose of a "trusted" third party is to _verify_
that the certificate "owner" is who they say they are and that they are
relatively trustworthy (ie., sufficient score on credit report and/or
authorized to request certificate verification on behalf of the
For your own use (or a relatively small number of people) there is no
reason to obtain some
"seal of approval" from a third party. In fact, you might be surprised
how many organiztions have not renewed their expired certs.
- » Cloud Ace Technologies is offering Implementation Services on Cloud Computing, Cloud Serv...
- — Newest thread in » Linux Security