You can generate your own certificates with OpenSSL, but you need to either get your root certificate into every piece of "verifying software" (browser), or else get all your users to manually accept each certificate, which greatly reduces security (because, with no way to know any better, they will just accept any counterfeit certificate without question, so your ADVERSARY can use OpenSSL to generate the counterfeits to attack you with).
The justification for the cost of commercial certificates is that the commercial CA has paid a significant fraction of a million US dollars to both Microsoft and Netscape in order to put their commercial root into the generally distributed binaries of IE and Navigator.
We buy our commercial certificates from Thawte. We have a web-based mechanism for downloading our local root into the various web browsers, after doing so, our locally generated certificates (generated by a web app that is a few thousand lines of Perl wrapped around OpenSSL) are just as good as the commercial ones.
Hope this helps!
Ryan Schefke wrote:
Me for asking this question, I'm just not sure where to start but with the
experts here.
I'm moving my PHP and MySQL application to a hosting server. Currently, I'm
looking at 1and1.com's dedicated servers on a Linux machine for $49/month
(let me know if there are better choices). One problem though, the
dedicated server, unlike a shared server, does not have a SSL certificate.
So, I need one. Can anyone recommend a low cost (preferably free), and easy to install (since I have to do it myself) SSL Cert?
Thanks, Ryan
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
-- Charles B (Ben) Cranston mailto: [EMAIL PROTECTED] http://www.wam.umd.edu/~zben
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
