From owner-freebsd-hackers Wed Feb 5 11:51:47 2003 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2ECD837B401 for ; Wed, 5 Feb 2003 11:51:46 -0800 (PST) Received: from stork.mail.pas.earthlink.net (stork.mail.pas.earthlink.net [207.217.120.188]) by mx1.FreeBSD.org (Postfix) with ESMTP id 484A643F9B for ; Wed, 5 Feb 2003 11:51:45 -0800 (PST) (envelope-from tlambert2@mindspring.com) Received: from pool0205.cvx21-bradley.dialup.earthlink.net ([209.179.192.205] helo=mindspring.com) by stork.mail.pas.earthlink.net with asmtp (SSLv3:RC4-MD5:128) (Exim 3.33 #1) id 18gVa9-0003T8-00; Wed, 05 Feb 2003 11:51:42 -0800 Message-ID: <3E416AFA.85AF4F28@mindspring.com> Date: Wed, 05 Feb 2003 11:50:18 -0800 From: Terry Lambert X-Mailer: Mozilla 4.79 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Josef Karthauser Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: Anyone where to get a signed SSL certificate cheap? References: <20030205181724.GB87471@genius.tao.org.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-ELNK-Trace: b1a02af9316fbb217a47c185c03b154d40683398e744b8a43a0eef1364d984cda4658ee19fa88aafa2d4e88014a4647c350badd9bab72f9c350badd9bab72f9c Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Josef Karthauser wrote: > I know that this is slightly off topic, but maybe someone here could > advise me. > > I need to obtain a certificate to use on my openssl/apache web server, > but looking at Verisign and Thawte it appears that they're charging a > lot of money ($450) per year for one! Does anyone know where I can get > one cheaper? Last time I bought I'm sure that they were only $100/yr > each. This issue comes up on Slashdot every month or so, and there's a huge amount of people who have rendered opinions on it. The general answer is a process: 1) Identify the browsers you wish to be able to access your HTTPS content. 2) Examine them to determine the signing authorities which they recognize by default. 3) From the intersection set, pick whichever one is cheapest. Note that many people have older browsers: the older the browser, the smaller the number of signing authorities they will recognize by default. Keep this in mind when picking browsers to examine. As a general comment, VeriSign does this as well, and tends to get the signing authority to either raise their price, or, if they will not, buys them, and raises their price. Certificate signing is fast becoming a monopoly. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message