Date: Sat, 11 Jul 1998 05:54:37 +0100 (BST) From: Glynn Clements <glynn@sensei.co.uk> To: "Numard (Norberto Meijome)" <numard@smartmedia.com.ar> Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG> Subject: Re: Secure commerce? Message-ID: <13734.61453.441391.493813@cerise.sensei.co.uk> In-Reply-To: <35A6D02E.C9E4D556@smartmedia.com.ar> References: <35A6D02E.C9E4D556@smartmedia.com.ar>
next in thread | previous in thread | raw e-mail | index | archive | help
Numard (Norberto Meijome) wrote: > i'm interested in setting up an https server to do web commerce. The > server is in USA. I'm actually running apache. I was planning to install > apache-ssl (w/ ssl-Leavy). > Now, what would be the right procedure to follow? do i have to get a > server-id from verisign or can i create my own with the ssl-leavy soft? You need to have your public key certified by an authority which is recognised by the popluar web browsers if you want Joe User to trust it. Otherwise the browser will pop up a warning saying that it doesn't recognise the certifying authority, which is enough to scare off the average user. There was talk on slashdot.org that VeriSign were giving up their boycott of Apache-SSL. However, I believe that the recent browsers recognise other authorities (e.g. Thawte), most of whom are cheaper than Verisign. > Any known problems with apache 1.3 + ssl? A potential weakness in existing SSL implementations was posted to BugTraq within the past week or so. However, it requires approximately one million connections to retrieve a single session key. So it's more of a theoretical concern than a practical one. Also, a fix is already available for SSLeay. -- Glynn Clements <glynn@sensei.co.uk> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?13734.61453.441391.493813>