Re: [SAGE] Are cheap SSL certificates legitimate?

["Sandor W. Sklar" <ssklar@stanford.edu>]

On Jan 19, 2007, at 10:54 AM, Julian C. Dunn wrote:

> On Fri, 19 Jan 2007, Alexander Lobodzinski wrote:
>
>> () At my work we have several internal websites which we serve  
>> over SSL
>> () with self-signed certificates.  Users complain about the  
>> annoyance of
>> () having to approve loading these sites in their browser every time.
>>
>> I cannot comment on namecheap.com, but did you consider creating a  
>> root certificate (valid 15 years or so) and use that to sign the  
>> various web/imap/smtp site certificates?  Then every user has to  
>> load your root cert once and that's it.
>
> I think that what the OP is saying is that he doesn't want to make  
> every user load a custom root certificate, possibly because of the  
> size of his installed base or for other reasons.

We've switched to certs from Comodo (www.instantssl.com), which are  
much less expensive then those from Verisign (I think they are $70  
for a two year cert.)  The main problem has been that not all  
browsers "trust" these certs; you have to install on your server an  
certificate chain file that adds this trust level.  Not difficult,  
just another thing to deal with.

	-s-