Different between signed certificates and normal one

[nawas]

Hi
I am a real newbie to ssl, so please excuse my ignorance. I currently have a certificate from cacert.org, and am wondering if anyone else is using this. Also, what is the diffrence between a signed certificate and a normal one. Or are all certificates signed.

thanks.

 

[jerry2005]

The SSL protocol is used by millions of e-Business providers to protect their customers ensuring their online transactions remain confidential. In order to be able to use the SSL protocol, a web server requires the use of an SSL certificate. Certificates are provided by Certification Authorities (CA) who in most cases also offer additional products and services to aid e-Businesses to demonstrate that they are trustworthy.

Take a look here: http://www.whichssl.com/

 

[ballyn]

This is simplified, but might be useful...

All certificates are signed, it's just that some are self-signed. That means that you don't have a CA (certificate authority) to sign the keys.

Most apps that support SSL have a list of CAs that are "trusted". If you get your certificate signed by one of these CAs, the trust chain is valid and you won't get any notices about the certificate not being valid.

Cacert is trying to get their CA included in these apps (Mozilla and IE would be the key ones), but that hasn't happened (and probably won't anytime soon).

So, if you want to avoid notices about invalid certificates, you'll need to pay someone to sign your cert. Alternately, you can ask your users to import cacert's CA into their browser or application.

 

[nawas]

but i have heard that mozilla have accepted cacert, correct if i am wrong, a search on google supports this.

 

[ballyn]

It's not included in my version of Firefox 1.0.6... I believe that this site is signed with cacert's CA.

https://www.financialcryptography.com/mt/archives/000514.html

 

[nawas]

http://scoop.freenetworks.org/story/2004/2/5/1304/28701

 

[ballyn]

That was a jump-the-gun if I've ever seen one.

AFAICT, the cacert.org CA inclusion is still pending.

http://www.hecker.org/mozilla/ca-certificate-list

 

[nawas]

Ahhhhhhh yes. Ok its pending. Can you help me with one thing. How do you assign an ip to a specific domain.

 

[nobaloney]

And even when it's no longer pending, it'll never be in the versions already on everyone's desktop now, until/unless they upgrade.

And most people never upgrade, so even if the next version of Firefox includes the root cert, your clients still won't see it.

If you want to avoid browsers coming up with the "untrusted cert" message you should probably buy your own cert. EV1 sells an inexpensive cert, and so does GoDaddy. And so do we,
here.

Jeff

 

[nobaloney]

How do you assign an ip to a specific domain./QUOTE]
As admin, you assign the IP# to the reseller, and then as reseller you assign it to the user.

Jeff