SSL Certs

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Juicy D. Links
    So Fucking Banned
    • Apr 2001
    • 122992

    #1

    SSL Certs

    if i have one for a domain and i switch hosts do i need another one? or just use the RSA key from before?
  • juicylinks
    So Fucking Banned
    • Apr 2001
    • 122992

    #2
    yo

    Comment

    • juicylinks
      So Fucking Banned
      • Apr 2001
      • 122992

      #3
      hey yo

      Comment

      • juicylinks
        So Fucking Banned
        • Apr 2001
        • 122992

        #4
        My cock is shriveling up here

        Comment

        • PowerCum
          CjOverkill
          • Apr 2003
          • 1328

          #5
          If you have one per domain? and change your host?
          What do you mean?

          You can create the SSL certificates you want when you want. Just read the ssl documentation about how to create your own certificates.

          On a site I was running some time ago the SSL certificate changed every 6 hours with no problems.
          CjOverkill Traffic Trading Script
          Free, secure and fast traffic trading script. Get your copy now

          Comment

          • juicylinks
            So Fucking Banned
            • Apr 2001
            • 122992

            #6
            I have one from geotrust now on my domain blablabla.com

            IF i change hosts for blbla.com do i need to get another cert?

            Comment

            • PowerCum
              CjOverkill
              • Apr 2003
              • 1328

              #7
              If the domain is the same, the host does not matter (if you mean hosthahahahaIP)

              Even that, I suggest you to make your own certificate. You only have to run 3 commands on the terminal and you have a brand new certificate (and you are shure that nobody else database does have a copy of your private server key).

              My personal opinion is that buying a certificate (that you can make yourself in less that 2 minutes) from other company (that will charge you with lots of $$$) is just stupid.
              CjOverkill Traffic Trading Script
              Free, secure and fast traffic trading script. Get your copy now

              Comment

              • juicylinks
                So Fucking Banned
                • Apr 2001
                • 122992

                #8
                Originally posted by PowerCum
                If the domain is the same, the host does not matter (if you mean hosthahahahaIP)

                Even that, I suggest you to make your own certificate. You only have to run 3 commands on the terminal and you have a brand new certificate (and you are shure that nobody else database does have a copy of your private server key).

                My personal opinion is that buying a certificate (that you can make yourself in less that 2 minutes) from other company (that will charge you with lots of $$$) is just stupid.
                Powercum i like you i think i willmake you a honorary guido.

                I am ok with unix commands and so on. You got any resources on how to genarate it myself?

                Comment

                • PowerCum
                  CjOverkill
                  • Apr 2003
                  • 1328

                  #9
                  http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28
                  How to create your own certificate

                  http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29
                  How to create your own Certificate Authority.

                  I hope these faqs will help you.

                  Also check the mod-ssl main site.
                  http://www.modssl.org
                  CjOverkill Traffic Trading Script
                  Free, secure and fast traffic trading script. Get your copy now

                  Comment

                  • Thorin
                    Registered User
                    • May 2002
                    • 44

                    #10
                    Originally posted by PowerCum

                    My personal opinion is that buying a certificate (that you can make yourself in less that 2 minutes) from other company (that will charge you with lots of $$$) is just stupid.
                    There is that, but when you buy an actual SSL cert signed by a company like Verisign users can see that & feel comfortable that it's legit. Self-signed certs are okay for small things but they can still be fudged or forged if someone were to care to target you.

                    Comment

                    • Sputter
                      Registered User
                      • Feb 2003
                      • 61

                      #11
                      Originally posted by Thorin


                      There is that, but when you buy an actual SSL cert signed by a company like Verisign users can see that & feel comfortable that it's legit. Self-signed certs are okay for small things but they can still be fudged or forged if someone were to care to target you.
                      I agree!!! Verisign has the name behind it and they own Thawte too.

                      Sputter

                      Comment

                      • PowerCum
                        CjOverkill
                        • Apr 2003
                        • 1328

                        #12
                        To target me? What do you mean? to hack my server?

                        If you are about to hack someones server you do not care about who has signed his certificate. The only thing you care is what soft is running the box and what company does host it.

                        If you care about surfers, they do not know who verisign is. I personally trust a signature signed by domain.com that runs on domain.com instead of a signature signed by another-domain.com running on domain.com.

                        Also I have been on several Thawte security conferences, and I can asure you that their model of server security is ... installing their certificates your server is secure... WRONG! Installing a SSL certificate only makes the connection between the server and the user to be encrypted. This way it is supposed that if someone is sniffing the user connection the user data will be safe... WRONG! If he sniffs the surfer connection from the beeginning then he will have the same data the surfer's browser has to decrypt the page, just the hax0r will need a little more work to do that. If the hax0r is skilled enought, he will perform a man in the middle attack and he will not only decrypt the connection, but also will be able to modify parameters.

                        If you want to have a secure server, you have to really work your ass hard to secure the system. When I say secure the system, I mean that it's not only the Apache server, it's the whole system. Also, installing the newest patches is not a valid method to have a secure system, it only fixes some of the bugs. You have to tune up all the system services configuration, and make several extra patches.

                        If you want your tech unalphabetical surfers to think they are on a secure system, then install a ssl certificate and you are done, but for real security, the ssl certificate is something almost irrelevant and only stops stupid 16 years kids that think they 0wn th4 m4tr1x, and still the 16 years stupid kid will be able to hack the box if you only install the certificate and the rest is an out of the box install (default configuration).

                        If you want some extra security info

                        http://www.securityfocus.com
                        http://packetstorm.widexs.nl
                        CjOverkill Traffic Trading Script
                        Free, secure and fast traffic trading script. Get your copy now

                        Comment

                        Working...