|
SSL Certs
if i have one for a domain and i switch hosts do i need another one? or just use the RSA key from before?
|
yo
|
hey yo
|
My cock is shriveling up here
|
If you have one per domain? and change your host?
What do you mean? You can create the SSL certificates you want when you want. Just read the ssl documentation about how to create your own certificates. On a site I was running some time ago the SSL certificate changed every 6 hours with no problems. |
I have one from geotrust now on my domain blablabla.com
IF i change hosts for blbla.com do i need to get another cert? |
If the domain is the same, the host does not matter (if you mean hosthahahahaIP)
Even that, I suggest you to make your own certificate. You only have to run 3 commands on the terminal and you have a brand new certificate (and you are shure that nobody else database does have a copy of your private server key). My personal opinion is that buying a certificate (that you can make yourself in less that 2 minutes) from other company (that will charge you with lots of $$$) is just stupid. |
Quote:
I am ok with unix commands and so on. You got any resources on how to genarate it myself? |
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28
How to create your own certificate http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29 How to create your own Certificate Authority. I hope these faqs will help you. Also check the mod-ssl main site. http://www.modssl.org |
Quote:
|
Quote:
Sputter |
To target me? What do you mean? to hack my server?
If you are about to hack someones server you do not care about who has signed his certificate. The only thing you care is what soft is running the box and what company does host it. If you care about surfers, they do not know who verisign is. I personally trust a signature signed by domain.com that runs on domain.com instead of a signature signed by another-domain.com running on domain.com. Also I have been on several Thawte security conferences, and I can asure you that their model of server security is ... installing their certificates your server is secure... WRONG! Installing a SSL certificate only makes the connection between the server and the user to be encrypted. This way it is supposed that if someone is sniffing the user connection the user data will be safe... WRONG! If he sniffs the surfer connection from the beeginning then he will have the same data the surfer's browser has to decrypt the page, just the hax0r will need a little more work to do that. If the hax0r is skilled enought, he will perform a man in the middle attack and he will not only decrypt the connection, but also will be able to modify parameters. If you want to have a secure server, you have to really work your ass hard to secure the system. When I say secure the system, I mean that it's not only the Apache server, it's the whole system. Also, installing the newest patches is not a valid method to have a secure system, it only fixes some of the bugs. You have to tune up all the system services configuration, and make several extra patches. If you want your tech unalphabetical surfers to think they are on a secure system, then install a ssl certificate and you are done, but for real security, the ssl certificate is something almost irrelevant and only stops stupid 16 years kids that think they 0wn th4 m4tr1x, and still the 16 years stupid kid will be able to hack the box if you only install the certificate and the rest is an out of the box install (default configuration). If you want some extra security info http://www.securityfocus.com http://packetstorm.widexs.nl |
| All times are GMT -7. The time now is 02:59 PM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123