mod_ssl and OpenSSL
   

Purchasing a Certificate

The previous steps showed how to create a self-signed certificate for testing purposes. The site is secured with this certificate, which is a cheap method for securing a site for your own personal use. However, there is one drawback: when we use the secured site we are presented with the Security Alert dialog. This dialog is telling us that the Certificate Authority (CA) that issued the SSL certificate is not recognized as a trusted issuing authority. This can be seen by the yellow "yield sign" icon on the Security Alert dialog. The browser determines the trusted companies by comparing the signed certificate against a preinstalled list of trusted companies contained within the browser. New versions of the browser may include new trusted authorities, as determined by the browser vendor, such as Netscape. From the Security Alert dialog we may choose to install our self-signed certificate as an SSL certificate signed by a trusted company (ourselves); we know the certificate is good because we created it ourselves.

Trusted CA root certificate

In the real world, customers may not proceed beyond the Security Alert dialog, refusing to trust a stranger. Other customers may not understand what is going on with the alert dialog and will simply abort the operation because things don't seem normal. To prevent the dialog from displaying and scaring away potential customers, you must have your certificate signed by a trusted company. All trusted companies can be found in the Trusted Root, which is the preinstalled list found in supported browsers.

You can view the Trusted CA root certificate store from the browser by selecting:

Microsoft: Tools-->Internet Options-->Content-->Certificates-->Trusted Root Certification Authorities
Netscape: Edit-->Preference-->Privacy & Security-->Certificates-->Manage Certificates-->Authorities



To have your new certificate signed by a Trusted CA you must first choose a trusted vendor, then create a Certificate Signing Request (*.csr) and key (*.key), to be e-mailed (copy and paste) to the vendor. Procedures and prices vary among different vendors. You will have to go to the selected vendor and follow their instructions for creating both the .csr and the .key. The procedures will be similar to our previous examples.

The Trusted CA vendor I chose for my site is FreeSSL.com. No, it's not free (used to be) but quite affordable compared to other vendors. However, the ChainedSSL CA is not included in the Trusted CA Root list of older browsers. This was a trade-off I considered for a lower purchase price.

NOTE: When creating the key, do NOT encrypt the private key inside the *.key file with a passphrase. If you do, you will have to include the SSLPassPhraseDialog directive to decrypt the key. This directive with the default builtin type does not seem to work with Win32, at least for me. You may be able to use the SSLPassPhraseDialog directive, but you will have to specify the type and write your own routine/program to pass the passphrase to stdout.
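
The CSR-and-key step and the passphrase note above, as an added example (not from the original page or from any vendor's instructions), assuming a POSIX shell with the `openssl` command-line tool on the PATH; `www.example.com` and the `server.*` file names are placeholders. It creates the key without a passphrase, then checks that the CSR carries only the matching public key, which is all a CA needs in order to sign, so the `.key` file can stay on the server with owner-only permissions.

```shell
#!/bin/sh
# Added example. www.example.com and the server.* file names are placeholders.

# Create an UNENCRYPTED 2048-bit RSA key plus a CSR for common name $2 in dir $1.
# genrsa without a cipher option (-aes256, -des3, ...) sets no passphrase, so
# Apache needs no SSLPassPhraseDialog; umask 077 keeps the key owner-readable.
make_csr() (
    umask 077
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/CN=$2" -out "$1/server.csr"
)

# Succeeds if the PEM key file is passphrase-protected (either PEM flavour).
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# Succeeds if the file contains private key material (a CSR never should).
has_private_key() { grep -q 'PRIVATE KEY' "$1"; }

# SHA-256 of the public key carried by a key file, a CSR, or a certificate.
key_pub_hash()  { openssl pkey -in "$1" -pubout | openssl sha256; }
csr_pub_hash()  { openssl req  -in "$1" -noout -pubkey | openssl sha256; }
cert_pub_hash() { openssl x509 -in "$1" -noout -pubkey | openssl sha256; }

# Subject line the CA will see in the request.
csr_subject() { openssl req -in "$1" -noout -subject; }

# Demo in a scratch directory.
demo_dir=$(mktemp -d)
make_csr "$demo_dir" www.example.com
csr_subject "$demo_dir/server.csr"
[ "$(key_pub_hash "$demo_dir/server.key")" = "$(csr_pub_hash "$demo_dir/server.csr")" ] &&
    echo "CSR matches private key"
has_private_key "$demo_dir/server.csr" || echo "CSR holds no private key material"
rm -rf "$demo_dir"
```

When the signed certificate comes back from the vendor, comparing `cert_pub_hash` on it with `key_pub_hash` on `server.key` before installing confirms the pair belongs together.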



To learn more about SSL certificates and various providers, visit the www.SSLreview.com (formerly whichssl.org) web site.


   



Related Articles

freessl.com

Secure your webserver with a SSL Certificate at FreeSSL.com. The lowest cost provider of fully supported, highly trusted 128 bit SSL Certificates ideal for low volume / low value transaction, professional level and development websites - delivered immediately!


thawte.com

The Thawte Web Server Certificate connects at 128 bit, 56 bit or 40 bit depending on the client's browser capability


baltimore.com

Baltimore OmniRoot is the exclusive Baltimore public root certificate pre-distributed in 99% of the world’s browsers (equivalent penetration to the market leader in the SSL Server Certificate space) - providing state of the Art 128-bit encryption.


geotrust.com

GeoTrust, the leading provider of next generation information security services, delivers secure e-commerce transactions, identity verification and authentication solutions to the global web community. GeoTrust ensures a new level of e-business security


verisign.com

SSL certificates are ideal for securing Web sites, intranets and extranets. Each of our Secure Site solutions delivers powerful SSL encryption and comes with VeriSign's industry-leading business identity Authentication Service.




Copyright © 1996 - 2013 JM Solutions, Inc. Houston, TX - All rights reserved.