hi, any advice on who to buy SSL certificats from and how to install them? my site is hosted on a dedicated linux box for which I have root access. i''m not sure if there is much difference between the cheap and the expensive suppliers. does it matter who you choose? are they hard to install? all advice much appreciated... -john -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Hey John, I launching an internet e-commerce site where we will be taking payments. I''ve been doing a lot of research on this. I spoke to Verisign and Thawte (owned by Verisign) who have this technology to step up old browsers to 128 bit encryption if they are lower. That service costs $600 with Thawte and $1000 with Verisign. There normal SSL service is a few hundred dollars less. In any case, NO the ssl certificate authorities don''t really matter. You want to make sure that its well known so that browsers don''t popup a certificate acceptance notice. With that said, we went with comodo at instantssl.com, you can even get the plan to step people up to 128 bit for like 250 which is much cheaper. Verisign was the first and most recognized, but for now my company probably won''t even put up the SSL logo. Now, if you are doing something small, just go with a comodo''s lowest plan which is around $100, MOST browsers are 128bit and higher anyways. Hope this helps. -Aryk -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
I''ve been using certs from godaddy for several years on multiple projects. No problems yet. For Rails projects, I use pound as a front end that handles the encryption/decryption, and then passes the rest of the processing off to mongrel or lighttpd. It''s fairly easy to setup if you''re familiar with SSL. The pound mailing list would also be a good source of assistance if needed. The godaddy instructions that come with the certificates did NOT include instructions for installation with pound the last time I bought one 6 months ago. John Henderson wrote:> hi, > > any advice on who to buy SSL certificats from and how to install them? > > my site is hosted on a dedicated linux box for which I have root access. > > i''m not sure if there is much difference between the cheap and the > expensive suppliers. > does it matter who you choose? > > are they hard to install? > > all advice much appreciated... > > -john > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Aryk Grosz wrote:> Hey John, > > I launching an internet e-commerce site where we will be taking > payments. I''ve been doing a lot of research on this. > > I spoke to Verisign and Thawte (owned by Verisign) who have this > technology to step up old browsers to 128 bit encryption if they are > lower. That service costs $600 with Thawte and $1000 with Verisign. > > There normal SSL service is a few hundred dollars less. > > In any case, NO the ssl certificate authorities don''t really matter. You > want to make sure that its well known so that browsers don''t popup a > certificate acceptance notice. > > With that said, we went with comodo at instantssl.com, you can even get > the plan to step people up to 128 bit for like 250 which is much > cheaper. > > Verisign was the first and most recognized, but for now my company > probably won''t even put up the SSL logo. > > Now, if you are doing something small, just go with a comodo''s lowest > plan which is around $100, MOST browsers are 128bit and higher anyways. > Hope this helps. -Arykcheers:) i got stung for a huge Verisgn fee many years ago and I was wondering if there was anything missing if I went with one of these $100 certificates, but if they''re all much the same then that''s great. when i buy it, is there much to do to install it? -john -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Aryk Grosz wrote:> Hey John, > > I launching an internet e-commerce site where we will be taking > payments. I''ve been doing a lot of research on this. > > I spoke to Verisign and Thawte (owned by Verisign) who have this > technology to step up old browsers to 128 bit encryption if they are > lower. That service costs $600 with Thawte and $1000 with Verisign. > > There normal SSL service is a few hundred dollars less. > > In any case, NO the ssl certificate authorities don''t really matter. You > want to make sure that its well known so that browsers don''t popup a > certificate acceptance notice. > > With that said, we went with comodo at instantssl.com, you can even get > the plan to step people up to 128 bit for like 250 which is much > cheaper. > > Verisign was the first and most recognized, but for now my company > probably won''t even put up the SSL logo. > > Now, if you are doing something small, just go with a comodo''s lowest > plan which is around $100, MOST browsers are 128bit and higher anyways. > Hope this helps. -Aryk > >I''ve been using godaddy''s $19.99/year certs for several years on projects with users with all kinds of browsers. I really don''t see any reason why anyone would spend several hundred (or even one hundred) dollars when they don''t need to. I would strongly recommend *against* Verisign for anything and everything they offer. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Jon Garvin wrote:> Aryk Grosz wrote: >> >> >> Now, if you are doing something small, just go with a comodo''s lowest >> plan which is around $100, MOST browsers are 128bit and higher anyways. >> Hope this helps. -Aryk >> >> > I''ve been using godaddy''s $19.99/year certs for several years on > projects with users with all kinds of browsers. I really don''t see any > reason why anyone would spend several hundred (or even one hundred) > dollars when they don''t need to. I would strongly recommend *against* > Verisign for anything and everything they offer.$20 a year sounds good to me! i''ve just had a look at their site and I think i''ll go with them... thanks -john -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
what do you think about create a own SSL certificate ? -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
nick wrote:> what do you think about create a own SSL certificate ? >That''s perfectly fine - for testing or, perhaps, internal-only use. For a real site, you need a cert signed by a CA who''s cert comes with the user''s browser, else you''ll get security warnings (any anybody with any sense won''t start typing in their credit-card info if that happens =) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Benjamin Ritcey wrote:> > That''s perfectly fine - for testing or, perhaps, internal-only use. For > a real site, you need a cert signed by a CA who''s cert comes with the > user''s browser, else you''ll get security warnings (any anybody with any > sense won''t start typing in their credit-card info if that happens =)godaddy are recognized from browsers? but if you don''t need credit card but just a SSL for login ? it''s always a secure connection, also if it''s own made, obviously if someone has to pay it''s different... :) -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
nick wrote:> Benjamin Ritcey wrote: >> That''s perfectly fine - for testing or, perhaps, internal-only use. For >> a real site, you need a cert signed by a CA who''s cert comes with the >> user''s browser, else you''ll get security warnings (any anybody with any >> sense won''t start typing in their credit-card info if that happens =) > > godaddy are recognized from browsers? > but if you don''t need credit card but just a SSL for login ? it''s always > a secure connection, also if it''s own made, obviously if someone has to > pay it''s different... :) >godaddy has a CA cert in Firefox, not sure about IE - they''re claiming 99% browser recognition. If SSL is just for login, it''s still a bad idea to self-sign - again, it''s fine for dev/internal-only site, but for a "real" site, users may (rightfully) think their credentials are trying to be hi-jacked. If you _are_ doing internal-only apps w/ SSL, your best bet is to generate your own CA cert & have it installed in the end user''s browsers - that way you can use that to generate multiple legitimate site certs. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Benjamin Ritcey wrote:> nick wrote: >> > godaddy has a CA cert in Firefox, not sure about IE - they''re claiming > 99% browser recognition. > > If SSL is just for login, it''s still a bad idea to self-sign - again, > it''s fine for dev/internal-only site, but for a "real" site, users may > (rightfully) think their credentials are trying to be hi-jacked. > > If you _are_ doing internal-only apps w/ SSL, your best bet is to > generate your own CA cert & have it installed in the end user''s browsers > - that way you can use that to generate multiple legitimate site certs.ok, thanks... i think I''ll use godaddy too :) -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---