You are not logged in.

#1 2010-01-07 03:57:59

delerious010
Member
From: Montreal
Registered: 2008-10-07
Posts: 72

Web hosting and ssl certificates

I was wondering whether there might be any anyone here with an opinion / experience on the following ...

I've recently started working at a new place where they offer web hosting services for webstores to their clients. And, for each web store, they order a new SSL certificate from a trusted third pary.

Now, I've never worked with web hosting before, but looking at this I've been wondering why they havn't just created their own CA and gotten that signed and then issued their own certificates from it.

I'm thinking this would offer obvious ( quite hefty ) cost benefits at the expense of some performance decreases due to the extra intermediate certificate ..

Now I was wondering if anyone would be able to provide some information / experiences / etc.. why this alternative would be either a good or bad idea ? Or whether it's even possible to begin with. My experience with SSL certs has been mostly high level .. as in I understand the general mechanism but lack the experience with them.

Anyhow, before I setup a bunch of vhosts on a test machine and try to test out this theory, I'd love to hear anything yall might have ot say on the subject.

Regards,
- Jon.

Offline

#2 2010-01-08 04:19:13

kermana
Member
Registered: 2009-04-13
Posts: 60

Re: Web hosting and ssl certificates

Hi !

Well I am no expert, but from what I understand, if you don't purchase a certificate from a trusted vendor, the browser displays a warning and the user will have to add an exception to view the page. Check this site:
http://www.sslshopper.com/ssl-certifica … ility.html

Basicly say I run a server A with a real trusted certificate and some hacker redirects my domain to server B. He will not be able to fake as my server A since no trusted certificate vendor will issue a hacker a valid certificate. You usually need to be able to present government papers for the background checks CA's perform. As you said anyone can be a CA but the browsers won't automatically recognize it.  This is what I understand anyway smile

Offline

#3 2010-01-08 09:11:08

wuischke
Member
From: Suisse Romande
Registered: 2007-01-06
Posts: 630

Re: Web hosting and ssl certificates

A certificate costs about 10€ (e.g. https://www.servertastic.com/order/rapidssl/), if you shop at the right places. Unless your volume is high enough, it might just be cheaper to buy. If you're a very high volume customer, the CAs offer big rebates.

It is possible to create a chained root certificate - your certificate owns the trust of the signing CA and the browser won't display a warning. (Comodo for instance has a chained root cert.) Due to the dependency on the root CA, there is the risk that when the root CA expires, you have to redo all certificates with a new root CA.

I have no idea how much this costs or whom to contact, but I, too, guess it will neither be easy nor cheap.

Offline

#4 2010-01-08 09:15:24

rusty99
Member
Registered: 2009-03-18
Posts: 253

Re: Web hosting and ssl certificates

Edit: read fully before posting smile

Last edited by rusty99 (2010-01-08 09:16:27)

Offline

Board footer

Powered by FluxBB