Re: SSL Certs
This WebDNA talk-list message is from 2003
It keeps the original formatting.
numero = 50803
interpreted = N
texte = Michael Davis wrote:> I've had a cert from Thawte for several years. I understand how that> works. What I am not sure of is the self-signed cert business. Can I> run a secure server with a self signed cert? Well, I know I can, but> what happens on the visitor's end?> I assume they get a warning message> of some kind?yep. Microsoft seems to have the scariest messages. *warning* thisis not a recognized.... blah blah.> I assume that if they accept the message, that the> connection is encrypted and as secure as any other SSL connection using> a third party verifier such as Verisign, TuCows, or Thawte (not that> the merchant is guaranteed reputable, just that the connection is as> secure). Am I close?Well, I think different companies do different things. I don't knowthe depths of it but I have heard that verisign for example, checks againstthe validity of the business requesting the cert and that this info is availableto the visitor. anyone? (thus giving a visitor better assurance that this businessis who it says it is.)> What roadblocks stand in the way of one person's> providing a secure connection to their server visitors and another> person who wants to visit that site securely? Is it all a matter of> the verification and assurance process that the Verisigns of the world> provide? Is there anything more that keeps secure connections from> being commonplace and freely establish-able from the web hosting> perspective? I know that browsers have built-in root cert knowledge.> How does that play into the equation?no nasty message on known providers.just go visit the different cert sites and read what kind of assurance theyprovide. All my info comes from perusing Web* debates on the topic, halfpaying attention sort of thing but it sounds like there is more to a reputablecert provider than a secure connection.Donovan>>> Thanks,> Mike-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list
.To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Associated Messages, from the most recent to the oldest:
Michael Davis wrote:> I've had a cert from Thawte for several years. I understand how that> works. What I am not sure of is the self-signed cert business. Can I> run a secure server with a self signed cert? Well, I know I can, but> what happens on the visitor's end?> I assume they get a warning message> of some kind?yep. Microsoft seems to have the scariest messages. *warning* thisis not a recognized.... blah blah.> I assume that if they accept the message, that the> connection is encrypted and as secure as any other SSL connection using> a third party verifier such as Verisign, TuCows, or Thawte (not that> the merchant is guaranteed reputable, just that the connection is as> secure). Am I close?Well, I think different companies do different things. I don't knowthe depths of it but I have heard that verisign for example, checks againstthe validity of the business requesting the cert and that this info is availableto the visitor. anyone? (thus giving a visitor better assurance that this businessis who it says it is.)> What roadblocks stand in the way of one person's> providing a secure connection to their server visitors and another> person who wants to visit that site securely? Is it all a matter of> the verification and assurance process that the Verisigns of the world> provide? Is there anything more that keeps secure connections from> being commonplace and freely establish-able from the web hosting> perspective? I know that browsers have built-in root cert knowledge.> How does that play into the equation?no nasty message on known providers.just go visit the different cert sites and read what kind of assurance theyprovide. All my info comes from perusing Web* debates on the topic, halfpaying attention sort of thing but it sounds like there is more to a reputablecert provider than a secure connection.Donovan>>> Thanks,> Mike-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Donovan home EHG
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
Secure Server (1997)
Merchant account (1998)
Re:Emailer and encryption (1997)
[WebDNA] email server (2011)
WebDNA and SQL (2003)
WebCat2b14MacPlugIn - [include] doesn't hide the search string (1997)
I have troubles to send message out (1998)
RE: Nesting [ListFiles] (1998)
WebCat2b15MacPlugin - showing [math] (1997)
Re:no [search] with NT (1997)
Resume Catalog ? (1997)
formula's (1998)
Emailer pref's won't save (2005)
problem with text A (2000)
Return records from another (1997)
DreamWeaver MX Bug (2002)
WebCatalog for guestbook ? (1997)
Authenticate (1997)
WebCat2final1 crashes (1997)
.html processing? (1998)