Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
ssl_certificates [2014/09/26 15:31] 127.0.0.1 external edit |
ssl_certificates [2016/04/19 10:27] steve |
||
---|---|---|---|
Line 4: | Line 4: | ||
* [[OpenSSL]] | * [[OpenSSL]] | ||
* [[Security]] | * [[Security]] | ||
+ | * [[VeriSign Certificates]] | ||
* [[http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert|Apache: create self-signed certificates]] | * [[http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert|Apache: create self-signed certificates]] | ||
Line 10: | Line 11: | ||
==== Buying a Certificate ==== | ==== Buying a Certificate ==== | ||
- | |||
- | == Policy == | ||
- | |||
- | Always buy a wildcard certificate for a client. This will guarantee that we can use it with any subdomain, and that the client will not need extra IP addresses. | ||
== Namecheap == | == Namecheap == | ||
Line 30: | Line 27: | ||
<code> | <code> | ||
- | openssl req -new -key /etc/ssl/private/private.key -out /etc/ssl/certs/digitaltrike.com.csr | + | openssl req -new -key /etc/ssl/private/private.key -out /etc/ssl/certs/domain.com.csr |
</code> | </code> | ||
Line 42: | Line 39: | ||
Save the Certficate Authority bundle to ''/etc/ssl/certs/domain.com.cabundle'' | Save the Certficate Authority bundle to ''/etc/ssl/certs/domain.com.cabundle'' | ||
- | |||
- | |||
- | |||
- | ==== Digital Trike ==== | ||
- | |||
- | Our SSL cert is a wildcard certificate. The Common Name is ''*.digitaltrike.com'' The private key is signed with a password. | ||
- | |||
- | The master keys and CA files are stored on tahiti in ''/etc/ssl/digitaltrike.com'' | ||
- | |||
- | ==== Maintenance ==== | ||
- | |||
- | Digital Trike can offer to clients the option to purchase, install and monitor SSL certificates. | ||
- | |||
- | === Comodo SSL Certificates (Namecheap) === | ||
- | |||
- | [[http://www.namecheap.com/ssl-certificates/comodo/comodo-ev-sgc-ssl-certificate.aspx|EV SGC SSL]] | ||
- | |||
- | $155/year/domain, no wildcard (www.domain.com) | ||
- | |||
- | * Business validation | ||
- | * "green bar" in browser | ||
- | * 128- or 256-bit encryption | ||
- | * Unlimited reissues | ||
- | * Unlimited server licenses | ||
- | |||
- | === GeoTrust SSL Certificates (Namecheap) (Recommended) === | ||
- | |||
- | [[http://www.namecheap.com/ssl-certificates/geotrust-ssl-certificates/true-businessid-wildcard.aspx|True BusinessID Wildcard]] | ||
- | |||
- | $389/year, wildcard (*.domain.com) | ||
- | |||
- | * Full business validation | ||
- | * Unlimited reissues | ||
- | * Up to 256-bit encryption |