Author |
Message |
Fido
Big Dog


Joined: 18 Oct 2000 Posts: 4423
|
Posted:
Mon Mar 01, 2004 7:43 pm Post subject: An introduction to SSL Certificates |
|
Feel free to post any questions, comments, or feedback regarding this article. We will do our best to answer any questions you may have, and look forward to your feedback on this article!
Original Article - http://www.littlewhitedog.com/content-71.html |
|
|
|
|
ThunderDawg
Alpha Dog


Joined: 14 Apr 2002 Posts: 18602
Location: Where Summer Spends the Winter
|
Posted:
Tue Mar 02, 2004 4:37 am Post subject: |
|
Good article, Demon. It's always refreshing to read from someone who knows their own language well.
/me looks forward to the sequel |
_________________
|
|
|
|
soup4you2
Tail-Wagger


Joined: 15 Mar 2002 Posts: 2471
Location: Desolate wastelands of Virginia
|
Posted:
Tue Mar 02, 2004 5:39 am Post subject: |
|
now thats what i'm talking about... good job...
for those interested building a cert in *nix is pretty easy...
($:~)=> vi pst.cnf
RANDFILE = /etc/postfix/ssl/post.rand
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ] C=countryName Two letters!
ST=stateOrProvinceName
L=localityName
O=organizationName
OU=OrganizationalUnitName
CN=commonName
emailAddress=emailAddress
[ cert_type ]
nsCertType = server
($:~)=> dd if=/dev/urandom of=./post.rand count=1 2>/dev/null
($:~)=> /usr/sbin/openssl req -new -x509 -days 365 -nodes \
-config ./pst.cnf -out ./post.pem -keyout ./post.pem
($:~)=> /usr/sbin/openssl gendh -rand ./post.rand 512 \ >>/etc/postfix/ssl/post.pem
($:~)=> /usr/sbin/openssl x509 -subject -dates -fingerprint -noout -in ./post.pem
And *Bamm* u got certs... which reminds me mine expire this month i need to do something about that.. |
_________________ tomorrow will be canceled due to lack of interest
|
|
|
|
creed
Veteran Dog


Joined: 08 Nov 2003 Age: 107 Posts: 6426
Location: A red dot in a blue sea
|
Posted:
Thu Jul 15, 2004 8:58 pm Post subject: |
|
Demon wrote:Heh. *giggle*
A quick Google for SSL Certificates has this article in fifth place already. 
can we say we rock? I knew we could |
_________________ The Seven faces of Creed
     
|
|
|
|
hericp
Butt Sniffer


Joined: 28 Mar 2003 Age: 44 Posts: 1293
Location: Morro Bay, CA
|
Posted:
Fri Jul 16, 2004 1:43 pm Post subject: |
|
Wow! great article. and what timing! recently i've started caring more about security and last night i even went so far as to get my own personal email certificate from Thawte. of course it's all still greek to me but this article was a big help. now get back to work on some follow up articles! |
_________________ -eric painter
|
|
|
|
Doomhammer
Leg Humper


Joined: 01 Jun 2004 Posts: 4700
Location: Utah
|
Posted:
Fri Aug 13, 2004 12:59 pm Post subject: |
|
Haven't read it yet, but I've been thinking about using SSL for my admin script I'm planning on writing. I'm sure this'll be a big help, since I know nothing of SSL at the moment, besides that it uses 128bit encryption... |
_________________ "The depth of your jealousy concerning my leetness astounds even me." - Ethan - CTRL+ALT+DEL
"Spare monies for a noob? Heal plz? How I mine for fish?" - Leo - VGCats # 160
"I hurt in my everywhere." - VGCats
Q: If a tree falls when nobody can hear it, does it make a sound?
A: Chuck Norris can hear it.
Lycander wrote:
see, the typical responses I see from Doomy follow a vein of: "wtf d00d, why are you doing it like that? do it like ME, because I'm ultimate roxxor LOLBBQ"
'Tis true LOL !
|
|
|
|
3Lark
Stray Dog
Joined: 23 Feb 2016 Age: 31 Posts: 1
|
Posted:
Wed Feb 24, 2016 1:37 am Post subject: |
|
I didn't realize SSl certificates were so old. I thought they were a new thing.
I have a question, how do I change the contents of an SSL certificate?
I see some people have https as their site address, how did they get this, by changing their SSL certificate? |
|
|
|
|
Slymer
Leg Humper


Joined: 29 May 2003 Age: 40 Posts: 4503
Location: Texas, land of good eatin
|
Posted:
Thu Feb 25, 2016 8:29 pm Post subject: |
|
some use self-signed. other buy their certs from the providers. Those with "official" certs don't have browsers griping about their sites using insecure certs. Most folks that run a personal server for giggles that uses SSL will use self-signed certs. Sites for businesses should use official certs as they loose credibility with customers if they use insecure certs as they are even less assured of their payments methods being secure. |
_________________ The Sly One
======================================
Windows is like crack. It feels good, it's easy to start into, it hooks you bad, it costs a ton of money, and it makes you crazy. And you still love it. - EdisonRex
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. -- Albert Einstein
|
|
|
|
EdisonRex
Lead Dog


Joined: 06 May 2002 Posts: 10982
Location: 4 Corfe Close
|
Posted:
Wed Mar 09, 2016 6:29 pm Post subject: |
|
Welcome, 3Lark.
The https:// vs. http:// is actually which port you are telling your http server to listen on. 80 is http:// and 443 is https:// I have a server that doesn't listen on 80 at all except to redirect to 443.
As for certificates, well, there are some much cheaper sources for trusted certificates available. Generally the methods haven't changed since that article was written, but you could look to one of the cheaper cert providers like startssl.com or Let's Encrypt whose certs are as secure as those $600 ones.
BTW while you're getting your certs in place, mind your ciphers and upgrade your TLS and stop using SSL. And stop tracking mud across my nice clean floor |
_________________ Garret: It's so retro.
EGM: What does retro mean to you?
Parker: Like, old and outdated.
|
|
|
|
|