Hello anyone used OpenSSL before? Why do we need to pay for expensive SSL certs when there is OpenSSL which is provided free? Is there a difference? I''ve got an ecommerce website, and wondering if OpenSSL is enough? Your thoughts will be appreciated -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at groups.google.com/group/rubyonrails-talk?hl=en.
On Sep 8, 7:24 am, Christian Fazzini <christian.fazz...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Hello anyone used OpenSSL before? > > Why do we need to pay for expensive SSL certs when there is OpenSSL > which is provided free? Is there a difference? > > I''ve got an ecommerce website, and wondering if OpenSSL is enough? > > Your thoughts will be appreciatedOpenssl is a library for performing various encryption tasks, so (other than the fact that it can manipulate them) it hasn''t got much to do with ssl certs. The problem with a self signed cert (which openssl can generate for you) or something like a cacert is that most users won''t have the root certificate on their machine so will see a ''untrusted certificate'' warning when they visit your site (and of course this also means that you''re open to a man in the middle type attack) Fred -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at groups.google.com/group/rubyonrails-talk?hl=en.
My domain registrar has Geotrust RapidSSL for $10 / year. Is this good enough SSL? Any other recommendations? On Sep 8, 3:01 pm, Frederick Cheung <frederick.che...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> On Sep 8, 7:24 am, Christian Fazzini <christian.fazz...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> > wrote: > > > Hello anyone used OpenSSL before? > > > Why do we need to pay for expensive SSL certs when there is OpenSSL > > which is provided free? Is there a difference? > > > I''ve got an ecommerce website, and wondering if OpenSSL is enough? > > > Your thoughts will be appreciated > > Openssl is a library for performing various encryption tasks, so > (other than the fact that it can manipulate them) it hasn''t got much > to do with ssl certs. The problem with a self signed cert (which > openssl can generate for you) or something like a cacert is that most > users won''t have the root certificate on their machine so will see a > ''untrusted certificate'' warning when they visit your site (and of > course this also means that you''re open to a man in the middle type > attack) > > Fred-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at groups.google.com/group/rubyonrails-talk?hl=en.
The two ends of the spectrum: - Verisign (verisign.com): probably regarded as one of the most trusted SSL providers, but it certainly reflects in their pricing - StartSSL (startssl.com): even provides a free certificate (trusted by browsers afaik), it''s more limited of course, but hey, that''s what free will give you RapidSSL leans more towards StartSSL than Verisign. Also don''t forget you need a dedicated IP in order for your certificate to work properly! On 08 Sep 2010, at 10:08, Christian Fazzini wrote:> My domain registrar has Geotrust RapidSSL for $10 / year. Is this good > enough SSL? Any other recommendations? > > On Sep 8, 3:01 pm, Frederick Cheung <frederick.che...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> > wrote: >> On Sep 8, 7:24 am, Christian Fazzini <christian.fazz...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> >> wrote: >> >>> Hello anyone used OpenSSL before? >> >>> Why do we need to pay for expensive SSL certs when there is OpenSSL >>> which is provided free? Is there a difference? >> >>> I''ve got an ecommerce website, and wondering if OpenSSL is enough? >> >>> Your thoughts will be appreciated >> >> Openssl is a library for performing various encryption tasks, so >> (other than the fact that it can manipulate them) it hasn''t got much >> to do with ssl certs. The problem with a self signed cert (which >> openssl can generate for you) or something like a cacert is that most >> users won''t have the root certificate on their machine so will see a >> ''untrusted certificate'' warning when they visit your site (and of >> course this also means that you''re open to a man in the middle type >> attack)Best regards Peter De Berdt -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at groups.google.com/group/rubyonrails-talk?hl=en.
Openssl is a library, what you pay for is, a certificate from a know certificate authority that is , a certificate created by someone like verysign because all browser know them and will not alert the user that the site is unknown/untrusted, so if you create you own certificate with openssl and you have an ecomerce site it will be a problem since all the browser will alert users that your site has an untrusted certificate and most user will not continue to your site, so that is why you have to buy a certificate from a known CA. Verysign is expensive but there are cheaper know CAs On Wed, Sep 8, 2010 at 5:50 AM, Peter De Berdt <peter.de.berdt-LPO8gxj9N8aZIoH1IeqzKA@public.gmane.org>wrote:> The two ends of the spectrum: > > - Verisign (verisign.com): probably regarded as one of the > most trusted SSL providers, but it certainly reflects in their pricing > - StartSSL (startssl.com): even provides a free certificate > (trusted by browsers afaik), it''s more limited of course, but hey, that''s > what free will give you > > RapidSSL leans more towards StartSSL than Verisign. Also don''t forget you > need a dedicated IP in order for your certificate to work properly! > > On 08 Sep 2010, at 10:08, Christian Fazzini wrote: > > My domain registrar has Geotrust RapidSSL for $10 / year. Is this good > enough SSL? Any other recommendations? > > On Sep 8, 3:01 pm, Frederick Cheung <frederick.che...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> > wrote: > > On Sep 8, 7:24 am, Christian Fazzini <christian.fazz...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> > > wrote: > > > Hello anyone used OpenSSL before? > > > Why do we need to pay for expensive SSL certs when there is OpenSSL > > which is provided free? Is there a difference? > > > I''ve got an ecommerce website, and wondering if OpenSSL is enough? > > > Your thoughts will be appreciated > > > Openssl is a library for performing various encryption tasks, so > > (other than the fact that it can manipulate them) it hasn''t got much > > to do with ssl certs. The problem with a self signed cert (which > > openssl can generate for you) or something like a cacert is that most > > users won''t have the root certificate on their machine so will see a > > ''untrusted certificate'' warning when they visit your site (and of > > course this also means that you''re open to a man in the middle type > > attack) > > > Best regards > > > Peter De Berdt > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to > rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org<rubyonrails-talk%2Bunsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org> > . > For more options, visit this group at > groups.google.com/group/rubyonrails-talk?hl=en. >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at groups.google.com/group/rubyonrails-talk?hl=en.