[PLUG] Godaddy Certs - was Secret message web page

Pomeroy Lab admin at mindblowingidea.com
Mon Apr 16 20:17:00 UTC 2007


godaddy.com has really hurt me, they know nothing about the .net framework and can't keep their servers up and running very well. I can tell you geocities works very well but the people there can't help you much so you are on your own. And as for the Java web page editor it only works in Windows.

alan <alan at clueserver.org> wrote: On Mon, 16 Apr 2007, Wil Cooley wrote:

> Keith Lofstrom wrote:
>> On Mon, Apr 16, 2007 at 09:02:50AM -0700, Charlie Schluting wrote:
>>> If this will be used by many people, I'd suggest password protecting it
>>> first of all. Buying a $20 SSL cert from godaddy is also a good idea.
>>> (Yes, their CA cert is in everyone's browser)
>> 
>> That is an excellent suggestion.  While this page won't be used by
>> many people, I may set up something that is, and those little popup
>> warnings are annoying.  In the past, certs usually cost hundreds of
>> dollars a year, and I put up with a little annoyance to avoid that
>> cost.  But $20/year is quite affordable.
>> 
>> I use dyndns for all my other registration and DNS needs.  They don't
>> offer certs yet, but perhaps they will in the future, so I will check
>> with them first.  I don't know how long it takes for a CA cert to become 
>> available to people's browsers, or what the process involves,
>> but if this happens quickly I will try to go with one provider.
>
> You have to generate a private key and a certificate-signing request (CSR), 
> then send or upload the CSR to the provider.  The provider generates a 
> certificate which you then download and point your web server at.  Sometimes 
> there is an intermediate certificate that you need to install; basically it 
> is another certificate from your provider signed by a bigger provider, 
> because the actual provider's cert wasn't in the standard keystore.  I've had 
> to do this with one of the cheap cert providers; it's generally one 
> additional line of configuration and the end users do not notice.
>
> Another benefit, of course, is that if you have other services on the host 
> that you want protected you can use it for them also--just as long as the 
> hostname in use matches.  If you had a server called 'home.kl-ic.com' that 
> you were going to host this web app and also provided SMTPS and IMAPS so you 
> could access your e-mail remotely, you can use this same cert with all the 
> servers.
>
> You might find my handful of notes useful: 
> http://nakedape.cc/wiki/ApplicationNotes_2fSslNotes

I have heard all sorts of nasty things about GoDaddy from different 
sources, so I won't use them.

There used to be a free SSL cert group that used a web of trust scheme to 
verify certs.  I can't remember the name at the moment.  There are ways to 
generate self-signed certs, as well as create your own root CA.

References here:

http://www.openssl.org/related/

-- 
"Invoking the supernatural can explain anything, and hence explains nothing."
                   - University of Utah bioengineering professor Gregory Clark
_______________________________________________
PLUG mailing list
PLUG at lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug




More information about the PLUG mailing list