[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Kai Hendry wrote: > On 2006-08-24T12:57+0100 Simon Williams wrote: >>> I am sure you could do a neat SSL setup with VirtualDocumentRoot too. >> How do I get round the "this certificate is for someone else do you want >> to use it anyway?" thing? How do I dynamically configure different certs? > > I distantly remember there being different types of certs you can buy. > The common type is for one domain. Another sort of for multiple domains. > I might be wrong here. You can indeed by certs for wildcard domains, we can sell them at work (no one has bought any yet -- I suspect they are more work for Simon if someone does), that probably doesn't help the problem at hand unless all the domains are under a common root. http://resellers.tucows.com/wholesale_services/DigitalCertificates/trubizwild So that is; A cert for *.example.com would work for; me.example.com him.example.com But then I think the whole certificate thing is largely a scam, you are paying to avoid a pop-up that says this certificate is signed by someone who Microsoft (or Firefox) trusted enough to add freely, or take money from. For business users it is worth getting rid of the annoying pop-up, but the actual true trust added is minimal. Most certs are validated by an email -- so it says the person who is in control of this site, at some point had access to administrative email for the domain or compromised the webserver (and no one has notice they compromised it). Sure it might stop the most obvious phishing scams if people bother to check, but they work by catching people when they aren't thinking straight. Still all credence to the computer industry for having moved from selling lovingly handcrafted big numbers for small bucks (software), to small, machine generated numbers for bigger bucks. Call it innovation ;) -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html