Certificate Options

6 posts / 0 new
Last post
#1 Fri, 06/15/2007 - 07:01
gte451f

Certificate Options

After Reading this thread(http://virtualmin.com/forums/message-view?message_id=46459), I was wondering if anyone can help with some follow up questions.

Godaddy sells a "Turbo" certificate for $17 dollars. Will this "Just Work" without a warning from typical browsers? DO I need to upgrade to the "High Assurance" certificate for $75 per year?

I don't need to verify who I am as a company, just encrypt data with a minimum of warnings for end users.

The next question, can I install a 2nd certificate on another domain hosted on my VPS?

Fri, 06/15/2007 - 08:17
ADobkin

GoDaddy Turbo certificates should work in most normal cases with a web server like Apache and a standard browser. So, it should work fine with regular web sites managed by Virtualmin.

However, it may not work (without a warning) in more complicated situations with a custom application or less popular browser. The reason is that they use intermediate certificates in a chain. They claim that this does not cause any installation or compatibility problems, but this is not true. The problem is that the browser/application has to support all the certificates in the chain, which is not always the case. For more information, see:

What is an intermediate certificate?
http://help.godaddy.com/article.php?article_id=868&topic_id=235

What happens if I don't install the intermediate certificate?
http://help.godaddy.com/article.php?article_id=870&topic_id=235

What is browser ubiquity?
http://help.godaddy.com/article.php?article_id=1139&topic_id=235

So, even though they claim their certificates offer 99% "browser ubiquity", the caveat is that you must install their intermediate certificate in your web server, and this is not always possible (i.e. not all servers support this).

Other related links:

http://www.rapidssl.com/ssl-certificate-support/ssl-faq.htm#8

http://www.google.com/checkout/ssl-certificates

http://blogs.technet.com/toml/archive/2007/03/26/pic-godaddy-certs.aspx

Fri, 06/15/2007 - 14:02
Joe
Joe's picture

Hey Jim,

Alan covered the chained certificate stuff pretty well, so I won't go into it much, except to say that all of the components of a Virtualmin system do work with a chained cert (including Webmin itself). Apache, Postfix, and Dovecot can all be configured to follow the chain--though all are configured in different ways, so it can be a bit tricky. ;-)

You can install as many certificates as you have IP addresses. SSL requires one IP per virtual host, because the certificate is exchanged and verified before any host information has been exchanged...so the certificate is always the same for each IP address.

--

Check out the forum guidelines!

Sat, 06/16/2007 - 14:34
gte451f

Thanks for the fast responses. I've signed up for a GoDaddy Turbo SSL. I know Bob Parson, the CEO and he cut me a deal on their regular price. Can you believe it's only $15 per year?!
<br/>
Anyway, now to install the thing. I attempted to check the SSL box for my soon to be secure domain and of course I get the message:
<br/><br/>
<i>Failed to modify server : SSL cannot be enabled unless a virtual IP interface or private port is enabled</i>
<br/><br/>
It sounds like I need an IP address dedicated and Joe words begin ringing in my ears:
<br/>

<i>"You can install as many certificates as you have IP addresses. SSL requires one IP per virtual host, because the certificate is exchanged and verified before any host information has been exchanged...so the certificate is always the same for each IP address."</i>

But Don't I have 1 IP address with my VPS? Or am I already using it for secure access to virtualmin via https://MyVps.com:10000?

So do I need to purchase an IP address? And can I get it from GoDaddy or should I go with my Hosting company, Leeware.com?

One snippit from GoDaddy is confusing:

<i>NOTE: Our SSL certificates include a dedicated hosting IP, so you do not need to purchase a dedicated IP credit separately if you are adding a certificate to your site.</i>

Thanks for your suggestions and helpful help!

Thu, 11/27/2008 - 10:19
KevinP

<b>JimJenkins wrote:</b>
<div class='quote'>After Reading this thread(http://virtualmin.com/forums/message-view?message_id=46459), I was wondering if anyone can help with some follow up questions.

Godaddy sells a &quot;Turbo&quot; certificate for $17 dollars. Will this &quot;Just Work&quot; without a warning from typical browsers? DO I need to upgrade to the &quot;High Assurance&quot; certificate for $75 per year?

I don't need to verify who I am as a company, just encrypt data with a minimum of warnings for end users.

The next question, can I install a 2nd certificate on another domain hosted on my VPS?</div>

Why you go with Chain Root SSL? I suggest Direct Root Level SSL cert like as Verisign, Thawte, rapidsslonline,.. One more thing I do use rapidsslonline.com products as they offer SSL in only $15 .. I thinks very cheap and best products they do have..

Sun, 12/07/2008 - 22:45 (Reply to #5)
sgrayban

chained or non-chained it doesn't matter because it is still SSL and 99% of the time top level certs cost 5 times the amount to achieve the same protection.

Topic locked