successfully installed openssl on hosted server - host says there i sno security unless I buy separate certificate - is that right? - Security

This is a discussion on successfully installed openssl on hosted server - host says there i sno security unless I buy separate certificate - is that right? - Security ; I successfully installed openssl on hosted server. The host company says that offers no security or encryption unless I buy a certificate from them or a third party like verisign. If I try to open my site using httpS://, a ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: successfully installed openssl on hosted server - host says there i sno security unless I buy separate certificate - is that right?

  1. successfully installed openssl on hosted server - host says there i sno security unless I buy separate certificate - is that right?

    I successfully installed openssl on hosted server. The host company says
    that offers no security or encryption unless I buy a certificate from them
    or a third party like verisign.

    If I try to open my site using httpS://, a prompt pops up telling me the
    cert is not certified by anyone and do I want to accept it.

    I accept it and there is a locked key in the browser.

    Is the traffic encrypted (thus the tech is wrong)?

    It is interesting in that the hosting company's login has the SAME prompt
    when logging in.



  2. Re: successfully installed openssl on hosted server - host says there i sno security unless I buy separate certificate - is that right?


    NotGiven wrote:
    > I successfully installed openssl on hosted server. The host company says
    > that offers no security or encryption unless I buy a certificate from them
    > or a third party like verisign.
    >
    > If I try to open my site using httpS://, a prompt pops up telling me the
    > cert is not certified by anyone and do I want to accept it.


    This is standard (and "the" standard) behavior. Ie., do _you_ trust
    that this is a legit cert?

    > I accept it and there is a locked key in the browser.


    And the protocol in the browser's url is https -- note the added "s"
    (as in secure) -- so long as you're using ssl/https.

    > Is the traffic encrypted (thus the tech is wrong)?


    The tech is clueless :-) Try sniffing the traffic with ethereal.

    > It is interesting in that the hosting company's login has the SAME prompt
    > when logging in.


    Anyone can generate a certificate with whatever location, etc. info
    they please. The purpose of a "trusted" third party is to _verify_
    that the certificate "owner" is who they say they are and that they are
    relatively trustworthy (ie., sufficient score on credit report and/or
    authorized to request certificate verification on behalf of the
    organization).

    For your own use (or a relatively small number of people) there is no
    reason to obtain some
    "seal of approval" from a third party. In fact, you might be surprised
    how many organiztions have not renewed their expired certs.

    hth,
    prg


  3. Re: successfully installed openssl on hosted server - host says there i sno security unless I buy separate certificate - is that right?

    "prg" wrote in message
    news:1135032922.921937.36430@z14g2000cwz.googlegro ups.com...
    >
    > NotGiven wrote:
    >> I successfully installed openssl on hosted server. The host company says
    >> that offers no security or encryption unless I buy a certificate from
    >> them
    >> or a third party like verisign.
    >>
    >> If I try to open my site using httpS://, a prompt pops up telling me the
    >> cert is not certified by anyone and do I want to accept it.

    >
    > This is standard (and "the" standard) behavior. Ie., do _you_ trust
    > that this is a legit cert?
    >
    >> I accept it and there is a locked key in the browser.

    >
    > And the protocol in the browser's url is https -- note the added "s"
    > (as in secure) -- so long as you're using ssl/https.
    >
    >> Is the traffic encrypted (thus the tech is wrong)?

    >
    > The tech is clueless :-) Try sniffing the traffic with ethereal.
    >
    >> It is interesting in that the hosting company's login has the SAME prompt
    >> when logging in.

    >
    > Anyone can generate a certificate with whatever location, etc. info
    > they please. The purpose of a "trusted" third party is to _verify_
    > that the certificate "owner" is who they say they are and that they are
    > relatively trustworthy (ie., sufficient score on credit report and/or
    > authorized to request certificate verification on behalf of the
    > organization).
    >
    > For your own use (or a relatively small number of people) there is no
    > reason to obtain some
    > "seal of approval" from a third party. In fact, you might be surprised
    > how many organiztions have not renewed their expired certs.
    >
    > hth,
    > prg



    Thanks!



+ Reply to Thread