SSL Certs - GoFuckYourself.com

Juicy D. Links · 04-24-2003, 03:19 PM

if i have one for a domain and i switch hosts do i need another one? or just use the RSA key from before?

Juicy D. Links · 04-24-2003, 03:25 PM

Juicy D. Links · 04-24-2003, 03:32 PM

hey yo

Juicy D. Links · 04-24-2003, 03:35 PM

My cock is shriveling up here

PowerCum · 04-24-2003, 03:40 PM

If you have one per domain? and change your host?
What do you mean?

You can create the SSL certificates you want when you want. Just read the ssl documentation about how to create your own certificates.

On a site I was running some time ago the SSL certificate changed every 6 hours with no problems.

Juicy D. Links · 04-24-2003, 03:42 PM

I have one from geotrust now on my domain blablabla.com

IF i change hosts for blbla.com do i need to get another cert?

PowerCum · 04-24-2003, 03:47 PM

If the domain is the same, the host does not matter (if you mean hosthahahahaIP)

Even that, I suggest you to make your own certificate. You only have to run 3 commands on the terminal and you have a brand new certificate (and you are shure that nobody else database does have a copy of your private server key).

My personal opinion is that buying a certificate (that you can make yourself in less that 2 minutes) from other company (that will charge you with lots of $$$) is just stupid.

Juicy D. Links · 04-24-2003, 03:49 PM

Quote:

Originally posted by PowerCum
If the domain is the same, the host does not matter (if you mean hosthahahahaIP)

Even that, I suggest you to make your own certificate. You only have to run 3 commands on the terminal and you have a brand new certificate (and you are shure that nobody else database does have a copy of your private server key).

My personal opinion is that buying a certificate (that you can make yourself in less that 2 minutes) from other company (that will charge you with lots of $$$) is just stupid.

Powercum i like you i think i willmake you a honorary guido.

I am ok with unix commands and so on. You got any resources on how to genarate it myself?

PowerCum · 04-24-2003, 03:57 PM

http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28
How to create your own certificate

http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29
How to create your own Certificate Authority.

I hope these faqs will help you.

Also check the mod-ssl main site.
http://www.modssl.org

Thorin · 04-24-2003, 05:23 PM

Quote:

Originally posted by PowerCum

My personal opinion is that buying a certificate (that you can make yourself in less that 2 minutes) from other company (that will charge you with lots of $$$) is just stupid.

There is that, but when you buy an actual SSL cert signed by a company like Verisign users can see that & feel comfortable that it's legit. Self-signed certs are okay for small things but they can still be fudged or forged if someone were to care to target you.

Sputter · 04-24-2003, 05:26 PM

Quote:

Originally posted by Thorin

There is that, but when you buy an actual SSL cert signed by a company like Verisign users can see that & feel comfortable that it's legit. Self-signed certs are okay for small things but they can still be fudged or forged if someone were to care to target you.

I agree!!! Verisign has the name behind it and they own Thawte too.

Sputter

PowerCum · 04-25-2003, 01:42 AM

To target me? What do you mean? to hack my server?

If you are about to hack someones server you do not care about who has signed his certificate. The only thing you care is what soft is running the box and what company does host it.

If you care about surfers, they do not know who verisign is. I personally trust a signature signed by domain.com that runs on domain.com instead of a signature signed by another-domain.com running on domain.com.

Also I have been on several Thawte security conferences, and I can asure you that their model of server security is ... installing their certificates your server is secure... WRONG! Installing a SSL certificate only makes the connection between the server and the user to be encrypted. This way it is supposed that if someone is sniffing the user connection the user data will be safe... WRONG! If he sniffs the surfer connection from the beeginning then he will have the same data the surfer's browser has to decrypt the page, just the hax0r will need a little more work to do that. If the hax0r is skilled enought, he will perform a man in the middle attack and he will not only decrypt the connection, but also will be able to modify parameters.

If you want to have a secure server, you have to really work your ass hard to secure the system. When I say secure the system, I mean that it's not only the Apache server, it's the whole system. Also, installing the newest patches is not a valid method to have a secure system, it only fixes some of the bugs. You have to tune up all the system services configuration, and make several extra patches.

If you want your tech unalphabetical surfers to think they are on a secure system, then install a ssl certificate and you are done, but for real security, the ssl certificate is something almost irrelevant and only stops stupid 16 years kids that think they 0wn th4 m4tr1x, and still the 16 years stupid kid will be able to hack the box if you only install the certificate and the rest is an out of the box install (default configuration).

If you want some extra security info

http://www.securityfocus.com
http://packetstorm.widexs.nl

04-24-2003, 03:19 PM	#1
Juicy D. Links So Fucking Banned Industry Role: Join Date: Apr 2001 Location: N.Y. -Long Island -- Posts: 122,992	SSL Certs if i have one for a domain and i switch hosts do i need another one? or just use the RSA key from before?

04-24-2003, 03:40 PM	#5
PowerCum CjOverkill Industry Role: Join Date: Apr 2003 Location: Woldwide Posts: 1,328	If you have one per domain? and change your host? What do you mean? You can create the SSL certificates you want when you want. Just read the ssl documentation about how to create your own certificates. On a site I was running some time ago the SSL certificate changed every 6 hours with no problems. __________________ CjOverkill Traffic Trading Script Free, secure and fast traffic trading script. Get your copy now

04-24-2003, 03:47 PM	#7
PowerCum CjOverkill Industry Role: Join Date: Apr 2003 Location: Woldwide Posts: 1,328	If the domain is the same, the host does not matter (if you mean hosthahahahaIP) Even that, I suggest you to make your own certificate. You only have to run 3 commands on the terminal and you have a brand new certificate (and you are shure that nobody else database does have a copy of your private server key). My personal opinion is that buying a certificate (that you can make yourself in less that 2 minutes) from other company (that will charge you with lots of $$$) is just stupid. __________________ CjOverkill Traffic Trading Script Free, secure and fast traffic trading script. Get your copy now

04-24-2003, 03:57 PM	#9
PowerCum CjOverkill Industry Role: Join Date: Apr 2003 Location: Woldwide Posts: 1,328	http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28 How to create your own certificate http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29 How to create your own Certificate Authority. I hope these faqs will help you. Also check the mod-ssl main site. http://www.modssl.org __________________ CjOverkill Traffic Trading Script Free, secure and fast traffic trading script. Get your copy now

04-25-2003, 01:42 AM	#12
PowerCum CjOverkill Industry Role: Join Date: Apr 2003 Location: Woldwide Posts: 1,328	To target me? What do you mean? to hack my server? If you are about to hack someones server you do not care about who has signed his certificate. The only thing you care is what soft is running the box and what company does host it. If you care about surfers, they do not know who verisign is. I personally trust a signature signed by domain.com that runs on domain.com instead of a signature signed by another-domain.com running on domain.com. Also I have been on several Thawte security conferences, and I can asure you that their model of server security is ... installing their certificates your server is secure... WRONG! Installing a SSL certificate only makes the connection between the server and the user to be encrypted. This way it is supposed that if someone is sniffing the user connection the user data will be safe... WRONG! If he sniffs the surfer connection from the beeginning then he will have the same data the surfer's browser has to decrypt the page, just the hax0r will need a little more work to do that. If the hax0r is skilled enought, he will perform a man in the middle attack and he will not only decrypt the connection, but also will be able to modify parameters. If you want to have a secure server, you have to really work your ass hard to secure the system. When I say secure the system, I mean that it's not only the Apache server, it's the whole system. Also, installing the newest patches is not a valid method to have a secure system, it only fixes some of the bugs. You have to tune up all the system services configuration, and make several extra patches. If you want your tech unalphabetical surfers to think they are on a secure system, then install a ssl certificate and you are done, but for real security, the ssl certificate is something almost irrelevant and only stops stupid 16 years kids that think they 0wn th4 m4tr1x, and still the 16 years stupid kid will be able to hack the box if you only install the certificate and the rest is an out of the box install (default configuration). If you want some extra security info http://www.securityfocus.com http://packetstorm.widexs.nl __________________ CjOverkill Traffic Trading Script Free, secure and fast traffic trading script. Get your copy now

04-24-2003, 03:25 PM	#2
Juicy D. Links So Fucking Banned Industry Role: Join Date: Apr 2001 Location: N.Y. -Long Island -- Posts: 122,992	yo

04-24-2003, 03:32 PM	#3
Juicy D. Links So Fucking Banned Industry Role: Join Date: Apr 2001 Location: N.Y. -Long Island -- Posts: 122,992	hey yo

04-24-2003, 03:35 PM	#4
Juicy D. Links So Fucking Banned Industry Role: Join Date: Apr 2001 Location: N.Y. -Long Island -- Posts: 122,992	My cock is shriveling up here

04-24-2003, 03:42 PM	#6
Juicy D. Links So Fucking Banned Industry Role: Join Date: Apr 2001 Location: N.Y. -Long Island -- Posts: 122,992	I have one from geotrust now on my domain blablabla.com IF i change hosts for blbla.com do i need to get another cert?