You need to buy a real certificate.
Cheers Geoff. Are there a few places that you can get those and are they really expensive?
Verisign, Thawte or GoDaddy. The price depends on what you want. It varies depending on how many hosts you want, the insurance level and the encryption level.
E.g., have a look at GoDaddy.
https://www.godaddy.com/gdshop/ssl/ssl.asp?ci=418
They vary from $20 to $500 a year depending on your requirements.
Cheers Geoff.
Are any/some/most schools doing this already - or are you just putting up with the warning?
Try this link. It is supposed to be free.
Let me know how you get on as it appears I also need one but have not had the time to try this yet.
Start Com Free SSL Certificates
We have a full blown PKI infrastructure here, so we can deploy our own CA + Client certs to our machines internally. Thus they trust the server certs implicitly.
Our external web access to internally run sites (eg, our VLE running Moodle) is done through a reverse proxy. The SSL cert the clients out on the internet see is from this proxy rather than from our internal web server. So it's not my problem.
Sadly CLEO haven't bothered to use a real wildcard cert from *.lancs.sch.uk though, so the warning will currently pop up.
You can see this for yourself, browse to our VLE.
https://vle.carrhill.lancs.sch.uk
Yeah, I saw that on the other page and hoped that someone else had tried it first too.
Wow, great looking site Geoff.
I think if you've got a domain and this is only for staff, then make/use your own CA and get them to install your CA cert at home - could have other uses down the line and [don't groan] it's yet another opportunity to try and educate your users about this stuff.
I used to routinely build win32 openssl for making a CA and certs for Windows back in the 20th century when the US crackable-crypto export regulations were still a bit serious. Can also be done on Windows with openssl.
[Those regs banned export of strong data encryption but did allow for strong *authentication*. Early non-US Cert Server wouldn't let you have decent key lengths but if you made say a 2048 bit cert via openssl, IIS would happily use it... which was a good thing even though the subsequent SSL data encryption was weak]
We use ipsCA (http://certs.ipsca.com/) who give free SSL certs for education (web site talks about .edu domain; we had no problems getting for a .ac.uk domain and I'd guess they'd be happy with anyone who is demonstrably education).
Sorry for the bump, but could I have some feedback on how using the free SSL certs has gone? We are getting tired of certificate errors for our external services (space access and webmail). We have looked at the StartCom and ipsCA offerings but are slightly wary of being authenticated by random companies.
So any opinions?

I've used Comodo in the past and they provide instructions on how to import the certificate using all kinds of software. In my case I used IIS6.
I'd recommend option 3 as this will do everything you want from it. For £100 it'll last 3 years.
The more expensive certificates allow them to function with IE7 and FF 2.x. A good example of this is PayPal, where the address bar goes green. Very expensive for what it is, but the warranty value is incredibly high.
Eventually it'll become the standard until someone develops another "security idea" and sells it for a premium.
Unsurprisingly yes.. buying certificates when someone's willing to give them to you, or at least Education, for free is silly. Pragmatically no one is going to care where it came from provided their browser trusts the CA. The new (rip-off?) EV stuff is irrelevant unless you're a business taking credit card details off visitors etc.
If all you want is to stop scary pop-ups in IE & Firefox for staff then an ipsCA freebie should be fine.
[And if you're bothered about the security angle you probably ought to be giving your users client certificates in order to access your site, but that's another argument and a lot of work]
Regarding startcom SSL certificates - the CA is trusted in all browsers apart from IE at the moment.
I've used them before, and it's simply a case of filling out the form, then pasting in the output from the IIS certification wizard, and receiving email at an administrative email address for your domain with an authentication link to get the certificate.