[plug] SSL certificates?

[Jeremy Malcolm]

On 02/07/2008, at 11:39 AM, Fred Janon wrote:

> Hi,
>
> I am working on a web site using Tomcat on Ubuntu, I need to provide  
> secure access to some of the pages with HTTPS/SSL. The site will be  
> accessible through a ".com" and a ".com.au" address. I am clueless  
> about how many and what kind of SSL certificate I should buy... Any  
> idea?

Depends who your users are.  If they are the kind who will be  
frightened off by a warning dialog, then buy two certificates (one for  
each domain) from somewhere like instantssl.com.  However be aware  
that you will also need at least two IP addresses if you want to do  
that, because you can't serve two different SSL connections from a  
single IP address.

There is no need to pay extra for EV certificates; the only real  
difference is that they turn the browser's address bar green (except  
in Safari), which actually freaks users out and confuses them.

If your need is only for security between the browser and the server,  
not for authentication of the server's identity, then you don't really  
need to pay for a third party certification authority and can use self- 
signed certificates.  Alternatively, sign up at cacert.org and get  
them to sign your certificates for free.  Browsers will still baulk at  
them by default, though.

-- 
Jeremy Malcolm LLB (Hons) B Com
Internet and Open Source lawyer, IT consultant, actor
host -t NAPTR 1.0.8.0.3.1.2.9.8.1.6.e164.org|awk -F! '{print $3}'