[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-developers] SSL certificates for multiple domains

Subject: Re: [cobalt-developers] SSL certificates for multiple domains
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Date: Wed Aug 8 20:03:00 2001
Organization: nobaloney.net
List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>

Adrian Parker wrote:

> > Is this certificate automatically recognized by all browsers, as are the
> > ones I mentioned?
> 
> We resell for Tucows, who I assume follows some form of standards.  We've
> never had complaints anyway.

The Tucows certs are recognized by just about all current browsers. 
Some aren't.

> You were talking about Secure Certificates right?  I can't see any browser
> written to specs having trouble with any certificate.  For that matter, I'm
> not entirely certain the browser needs much in the way of compatibility.

It's got nothing to do with specs or compatibility.  Most of us presume
that the purpose of a certificate is to encrypt data; that's not really
true.  The purpose of a certificate is to guarantee that the site you
think you're at is indeed the site you're at.  To do that, the cert
issuer first verifies the identity of the site-owner, then encrypts the
data to make sure no one can get in the middle and forge information.

So first the browser has to trust the certificate issuer, or the entire
scheme is worthless.  If the cert didn't have to come from a trusted
issuer, than anyone could issue a cert and claim to be (for example)
Microsoft, then change DNS to make sure all Microsoft requests go to
him.

So in each browser there's a list of "trusted" cert issuers.  Since I
didn't see the name of a trusted cert issuer on your page, I thought I'd
ask.

BTW, Equifax certs are NOT trusted by many browsers; they also give you
a cert that is, and point their cert to the one that is.  It's a
two-step cert.

The "FreeSSL" cert is only trusted by Microsoft browsers 5.0 and above. 
When I go to a site protected by a "FreeSSL" cert using a Netscape or
Opera browser, the browser tells me the certificate is untrusted.

> I've never delved into the technical details of how they work though to be
> honest.

Should, if you sell 'em <smile>.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
nobaloney.net
P. O. Box 52672, Riverside, CA  92517
voice: (909) 787-8589  *  fax: (909) 782-0205

Follow-Ups:
- Re: [cobalt-developers] SSL certificates for multiple domains
  - From: Adrian Parker

References:
- [cobalt-developers] SSL certificates for multiple domains
  - From: Gareth Watkins
- Re: [cobalt-developers] SSL certificates for multiple domains
  - From: Adrian Parker
- Re: [cobalt-developers] SSL certificates for multiple domains
  - From: Jeff Lasman
- Re: [cobalt-developers] SSL certificates for multiple domains
  - From: Adrian Parker

Prev by Date: Re: [cobalt-developers] RaQ4 & backup
Next by Date: [cobalt-developers] RaQ4 kernel question
Previous by thread: Re: [cobalt-developers] SSL certificates for multiple domains
Next by thread: Re: [cobalt-developers] SSL certificates for multiple domains

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index