On Thu, Feb 3, 2011 at 1:21 PM, L. V. Lammert <span dir="ltr"><<a href="mailto:lvl@omnitec.net">lvl@omnitec.net</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">At 01:08 PM 2/3/2011, you wrote:<br>
>TLS does not care if the cert has expired.<br>
<br>
</div>That would explain the situation, .. thanks!<br>
<div class="im"><br>
>There are a lot of cheap certificates available, but not all the<br>
>cheap ones are recognized by all browsers (ask me how I know). Do<br>
>your homework if it is a public-facing cert.<br>
<br>
</div>Having dealt with GeoTrust on a renewal last month (they don't<br>
provide the intermediate cert with a renewal!), .. have you ever<br>
tried Startcom? What do you consider the best cost/browser validation source?<br>
<br>
</blockquote></div><div><br></div>I've use <a href="http://cert.startcom.org/">http://cert.startcom.org/</a> and it works fine for the purposes I've tried it.<div><br></div><div>Remember that properly configured SSL serves two purposes:</div>
<div><br></div><div> 1. Provide an encrypted connection</div><div> 2. Verify the identity of who you are connecting to</div><div><br></div><div>Self signed SSL only does the first. If you get an e-mail from some company that says it is paypal and you click the link (don't do that) how will you know if it's really paypal? You check the name on the cert. If the cert is trusted by your browser and it says that you're dealing with paypal then you're on the right site.</div>
<div><br></div><div>In today's world of phishing and spoofing and bad stuff, trust is pretty important. IMHO. I use commercial certs for things I care about.</div><div><br></div><div>As a side note, we discussed ssl performance on the list in Dec. 2048 bit commercial certs can provide much better performance than other certs.<br clear="all">
<br>-- <br>Matthew Nuzum<br>newz2000 on freenode, skype, linkedin, <a href="http://identi.ca" target="_blank">identi.ca</a> and twitter<br><br>"An investment in knowledge pays the best interest." -Benjamin Franklin <br>
<br>
</div>