|
Posted by =?Utf-8?B?THVja3lwb2xv?= on June 22, 2007, 9:59 am
If you were Registered and logged in, you could reply and use other advanced thread options
I have still some comments below:
> > C. Ordering a certificate for an individual DNS name - it is relatively
cheap.
> > I guess the coming question needs rather to search for the prices on the CA
> > websites, but perhaps you know:
> > When we have - let's say - 30 instalations: is the variant C (with 30
> > individual certificates) still cheaper than the variant B (with wild card
> > cert)?
>
> Again, I doubt that a commercial vendor would authorize the certificate for
> use on 30 *separate* machines. Now if one machine is hosting 30 sites, then
> yes, it is possible.
I thought here about 30 certificates for 30 machines - for each machine I
order a separate certificate. (and not 1 certificate for 30 machines)
So.. with the costs comparison I will check the CA prices.
> > D. Making our own root CA, but with our self-signed ceritficate. Then on the
> > machines running the client's applications "our root CA" should be somehow
> > added to the trusted agencies.
>
> This is the interesting statement.
> - *Who* will be accessing the SSL-protected sites?
> - *What* OS or browser is used to access the site?
> - Do you have an Active Directory forest?
> - Are all clients that connect to the application members of the forest?
Applications from outside - may be different vendors on different machines.
I mean machines who are not in the same Active Directory.
> Even if they are not members of the forest, you can add the root CA
> certificate to the trusted root store. This is all dependent on the OS,
> browser, etc. If on a Windows platform, "certutil -addstore Root
> <certfile>" will add the root to the trusted root store.
So I think it is a case.
> Brian
Thanks a lot!
| 
XML site map