[ale] SSL Certs for $14.95

James P. Kinney III jkinney at localnetsolutions.com
Thu Apr 6 09:54:09 EDT 2006


On Thu, 2006-04-06 at 09:02 -0400, Christopher Fowler wrote:
> As soon as I get off Earthlink then I can get the servers in DNS and get
> my certs signed.
> 
I have signed certs for just an IP address for one client. Apache is
configured to use the IP as the server name and the cert is just fine
with that.

The only thing the cert with a real servername does (instead of an IP
address) is it makes it possible to transfer the web server to a new
hosting environment and just copy over the cert. As long as the server
name is the same, all is good. In the case of my guy with the IP
address, he changed ISPs and thus got a new IP address for his server.
That required him to buy a new cert.

But also heed Mike Warfield's warning about client certs. If hardware
clients are going to access the server without users looking at a
screen, you don't need a signed cert. Set up a CA machine and use it to
generate the cert for the server and then use it to sign the client
certs. Make a client cert for each physical client. You will need to
import the CA cert into each client system in order to use your new CA
system. That is the same security as having a Thawte cert accepted as a
CA in Firefox. 
-- 
James P. Kinney III          \Changing the mobile computing world/
CEO & Director of Engineering \          one Linux user         /
Local Net Solutions,LLC        \           at a time.          /
770-493-8244                    \.___________________________./
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
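
The private-CA setup described in the message above, written out with the OpenSSL command line as an added example (not part of the original post). The CA name, the client name client-001, the address 192.0.2.10, the file names and the lifetimes are constructed placeholders; the server address goes in subjectAltName because current TLS clients match IP addresses there rather than against the CN.

```shell
#!/usr/bin/env bash
# Added example: private CA, one server cert, one cert per physical client.
# All names, the IP address and the lifetimes are constructed placeholders.

write_cfg() {   # $1 = output path, $2 = server IP address
  cat > "$1" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused-when-subj-is-given
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server_ext]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = IP:$2
[client_ext]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
}

make_ca() {     # $1 = working dir; ca.key never leaves the CA machine
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$1/pki.cnf" \
    -extensions ca_ext -subj "/CN=Example Private CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue() {       # $1 = dir, $2 = name (file stem and CN), $3 = server_ext|client_ext
  openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" \
    -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 365 -extfile "$1/pki.cnf" -extensions "$3" \
    -out "$1/$2.crt" 2>/dev/null
}

check() {       # $1 = dir, $2 = cert name, $3 = sslserver|sslclient
  openssl verify -CAfile "$1/ca.crt" -purpose "$3" "$1/$2.crt" >/dev/null 2>&1
}

# Demo run in a scratch directory: only ca.crt is copied to each client.
d=$(mktemp -d) && write_cfg "$d/pki.cnf" 192.0.2.10 && make_ca "$d" &&
  issue "$d" server server_ext && issue "$d" client-001 client_ext &&
  check "$d" client-001 sslclient && echo "client-001 chains to the private CA"
```

Each client gets its own key and certificate plus a copy of ca.crt; the server is configured to require client certificates that chain to the same ca.crt.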