Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 years ago.
Improve this question
If the SSL is all about encryption and public-private key, why we have multiple type of certificates(like regular and wildcard)?
Is there any third-party server in process of paid-certificates handshake?
The origin of the certificate does not matter for the TLS handshake itself. For the verification of the certificate it is only relevant if the issuing certificate agency is included in the applications or systems trust store. There are CA like Let's Encrypt which issue certificates for free and which are included in most systems trust store.
For the various types of certificates (wildcard etc) same can be said, i.e. it does not matter if this certificate was issued by a paid CA or not.
EV certificates are a bit different. These were historically considered special since the validation of the certificate owner was more tough and not everybody could get one. They were also more expensive due to this process. And only some CA would be able to issue such certificate and these CA where marked as such in the browsers But the relevance of these EV certificates is going down and some browsers already don't show them as special anymore.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 years ago.
Improve this question
Due to a vulnerability in a WAF system we are required to rotate our SSL certificate on our website. we have to update the SSL certificate in several places.
My question, if I renew the SSL certificate from the CA and take time to deploy it on various servers. will this issue cause any outage on the site.
some of the places where I need to deploy:
WAF
Cloudfront
Nginx
As long as the old certificate is still valid (i.e. not expired and not revoked) it will continue to work so you can take some time to roll out the new certificate you've got. You can also run a mixed setup where some installations have the new certificate while others still have the old one.
While your specific use case is unknown it might be that due to the vulnerability the private key of the previous certificate was compromised which should (hopefully) lead to a quick revocation by the certificate. In this case you have to roll out the new certificates as fast as possible since due to the revocation clients might not accept the old certificate any longer.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
Improve this question
We have a SSL cert from Symantec for foo.bar.com. Now we want our site to be know as foo.baz.com while still maintaining the old name. Both bar.com and baz.com resolve to the same IP. If I go to foo.baz.com it says the site is not secure. How I can use the same cert for both domain names when they are the same IP?
You have already purchased SSL certificate for foo.ar.com but not for foo.baz.com that's why it says 'site is not secure'.
Symantec SSL certificates are giving support for SAN (Subject Alternative Names) so you can manage multi domain names with single Symantec SSL certificate so add you domain name foo.baz.com in existing SSL certificate.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
I will buy a sll certificate and I will put on my server, what will happen except the transition from http to https?
If I will use openssl to secure connections instead of ssl certificate?
I will buy a sll certificate and I will put on my server, what will happen except the transition from http to https?
There's more to it than that, the server also needs to start serving on port 443 and ssl support needs to be turned on.
If I will use openssl to secure connections instead of ssl certificate?
They're not alternatives to each other. You need both a ssl certificate and an ssl library.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 9 years ago.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Improve this question
I own a domain at my DNS provider. I've pointed it to my house. My house keeps the IP address at the domain updated through dynamic DNS, so the A record always points to my IP address. I run OpenVPN at my house so I can connect from elsewhere. It's using a self-signed certificate. So, of course, I get SSL warnings when I connect.
My question is, Can I obtain an SSL certificate from StartSSL (free), set it up on OpenVPN, and get my browser to recognize the certificate as valid? For that matter, can I get any SSL certifcate to validate for any personal, development site I might set up at home in this situation? (OpenVPN.example.com, TestSite.example.com, etc)
(OpenVPN is not using port 443 or port 80, because I've heard that ISPs don't like it when you use those...)
The short answer is Yes. When creating a SSL certificate request you set the "common name" to the DNS name of the host. You can change the type of DNS record (e.g. A, CNAME, etc.) or record value (e.g. 192.168.1.2) at anytime as long as the record name (e.g. vpn.example.com) is the same.
For a browser to recognize a SSL certificate (not give warnings upon connection) a matching Certificate Authority (CA) must ship (or be manually added) to your browser or OS. To avoid SSL warnings with self-signed certificates you could instead provision a cert using a local/custom CA and install its root certificate on any necessary computers.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 12 years ago.
Improve this question
How come the prices on SLL certificates are so drastically varied? GoDaddy and Namecheap for example have them starting at $9 and $49 respectively. Then Verisign has them starting at $1500!
What's the difference? That's a huge price difference.
I have an application where each user account is on it's own subdomain, and so I need a certificate that covers them all.
Thoughts, suggestions?
The actual differences are:
Price
Support
Level of Certificate Validation
Who/what trusts the Root CA
Really, It all comes down to the Root CA (Certificate Authority).
Verisign's Root CA is trusted by pretty much every device and browser out there.
If you purchase a certificate from (say) GoDaddy, then it will probably be trusted by your major browsers and operating systems. However, if you need SSL certificates to work on a particular brand of set-top-box, or mobile device, then you need to find out what Root CA's they trust.
While the certificate from an untrusted Root CA will still be perfectly valid, the device (browser, gadget, whatever) has no way to verify that it's a legitimate certificate.
I believe the cost of an SSL cert generally comes down to things like encryption strength, issue time, update time, support, warranty, and things of that nature.
With regard to users on sub domains how about a wildcard ssl certificate from Comodo? Expensive but will cover your entire site in one hit.
http://www.instantssl.com/ssl-certificate-products/ssl/ssl-certificate-sgc-wildcard.html
Edit Found a comparison site http://www.whichssl.com/comparisons/index.html
there are diffrent types of levels of ssl, meaning more verified = more money in short...
It's all about the marketing. A Godaddy cert will get you just as far as a Verisign one (I know, I've had both).