Hello, I've got a client who wants to go ssl. He's running a web server, smtp/pop, and ftps and imaps is coming as well. I'm looking for a wildcard ssl certificate i believe it's called but one on the budget plan. I am also wanting to ensure that the mod_ssl with httpd on the server is only using the strongest encryption methods and protocols. Thanks. Dave.
Paul Heinlein
2009-Aug-26 13:57 UTC
[CentOS] ssl certificate, maximum protection, on the budget?
On Tue, 25 Aug 2009, Dave wrote:> I've got a client who wants to go ssl. He's running a web server, > smtp/pop, and ftps and imaps is coming as well. I'm looking for a > wildcard ssl certificate i believe it's called but one on the budget > plan. I am also wanting to ensure that the mod_ssl with httpd on the > server is only using the strongest encryption methods and protocols.RapidSSL will see you a wildcard certificate for about $200: http://www.rapidssl.com/ssl-certificate-products/rapidssl/usd/wildcard-ssl-certificate.htm Configuring mod_ssl for decent crypto is pretty easy. This recipe has worked well for me: SSLProtocol +SSLv3 +TLSv1 SSLCipherSuite HIGH:MEDIUM You can see what you're getting by using the "openssl ciphers" command, e.g., openssl ciphers -v 'MEDIUM:HIGH' -- Paul Heinlein <> heinlein at madboa.com <> www.madboa.com