[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-developers] Re: Secure Certificate

Subject: Re: [cobalt-developers] Re: Secure Certificate
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Date: Wed Jul 17 11:13:01 2002
Organization: nobaloney.net
List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>

Ontario Web System Administrator wrote:

> How dose some other servers I see run ssl under there servers for there
> clients with the certificate from root ???

I'm not sure what you mean.

Do you mean a secure cert to administer the server?  Or do you mean a
secure cert for your clients to be able to have secure pages for their
customers to pay them?

If the former, you just either buy or self-issue a cert for your main
site, and then whenever any of your clients try to administer their site
through the gui interface they'll use your site cert.  But they WILL get
an error message from their browser telling them it's a cert for your
domain; not theirs.  And if it's a self-issued cert, they'll get a
warning for that as well.

If the latter, then the best thing to do, and what many other hosting
companies do, is to buy a cert for a "secure site" you set up on your
server, for example you could create a site on your server called
"secure.ontarioweb.ca".  Then each of your clients would have a secure
site at, for example "https://secure.ontarioweb.ca/nobaloney.net/";;
you'd simply create a folder under the
/home/sites/secure.ontarioweb.ca/web/ for "nobaloney.net" and a user
named, for example, nobaloney.  Then in the /etc/passwd file (as root)
you'd change the user's homepage to
/home/sites/secure.ontarioweb.ca/web/nobaloney.net?.  Then your client
could ftp his secure site using his new username you just gave him
specifically for the secure site, and link to his secure site.

What you CANNOT do is buy a cert that would work for any domain on your
Raq.  While most of us think of secure sites as encrypting data, they
have another function as well; they assure you that you've reached the
site you wanted to reach. Cert issuers (we issue certs <smile>) verify
your identity and your right to use the domain name before they issue
the site.  If they didn't, you could (for example), buy the domain
"micorsoft.com", get a secure site for "secure.micorsoft.com", and steal
business and money from everyone who mistypes the name "microsoft". 
It's called due diligence <smile>.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net, P. O. Box 52672, Riverside, CA  92517
voice: +1 909 778-9980  *  fax: +1 909 548-9484

Follow-Ups:
- Re: [cobalt-developers] Thanks Jeff Re: Secure Certificate
  - From: Ontario Web System Administrator

References:
- [cobalt-developers] Secure Certificate
  - From: Ontario Web System Administrator
- Re: [cobalt-developers] Secure Certificate
  - From: Taco Scargo
- Re: [cobalt-developers] Re: Secure Certificate
  - From: Ontario Web System Administrator

Prev by Date: RE: [cobalt-developers] Qube3 Upgrade to Tomcat 4.x and MySql 3.23.5x MAX
Next by Date: [cobalt-developers] [cobalt-users] RAQ 550 shell tools
Previous by thread: RE: [cobalt-developers] Re: Secure Certificate
Next by thread: Re: [cobalt-developers] Thanks Jeff Re: Secure Certificate

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index