SSL certificates

Discussion in 'Site & Server Administration' started by gatordun, Jun 30, 2005.

  1. #1
    SSL certificates

    In general how long does it usually take to get a ssl?
    Really what's the difference between the 128bit versus a 1024bit certificate?
    Really what's the difference between SSL and Chained SSL?

    Anyone know what a SSL certificate version : V3 is?
    Also what about serial numbers? 00 Valid?

    OK Got some info.
    v3 means version 3 and the latest version.
    So that is good.
    Serial number 00 means it's temporary until the main one is installed.
    And 1024bit is higher encryption than 128bit.
     
    gatordun, Jun 30, 2005 IP
  2. mopacfan

    #2
    What kind of ssl? For a website? For your own pc? Each CA has a little bit different way of doing things.
     
    mopacfan, Jun 30, 2005 IP
  3. gatordun

    #3
    It's a chained ssl.

    It's for a commercial web site.
     
    gatordun, Jul 1, 2005 IP
  4. mopacfan

    #4
    Just curious. I 'sell' instantSSL certificates and I don't know what a chained certificate is. But I don't really sell many since I really have my account just to be able to buy the certs at wholesale for my sites and those of the company I work for. I can offer you an instantSSL cert if you're interested. You can get all the info at www.instantssl.com. Just let me know what you want.
     
    mopacfan, Jul 1, 2005 IP
  5. nddb

    #5
    This page explains some stuff. Chained are not always good, I could be wrong, but sometimes the browser does not recognize that it is actually signed by a CA that the browser is aware of. Causing a popup message.

    Of course, a non-CA signed cert is still 1024 encrypted or whatever you set it to. They just see the message "This might not be the host you think it is".

    They really ought to do something about the whole cert system.
     
    nddb, Jul 1, 2005 IP
  6. Corey Bryant

    #6
    EV1 Servers offers StarterSSL and GeoTrust at a discount. Very easy to purchase and install.
     
    Corey Bryant, Jul 1, 2005 IP
  7. gatordun

    #7
    I thought chained SSLs could be used for the main root and sub domains.
    Right or wrong?
    It's hard to find proper documentation on SSL info.

    In Texas we don't like EV1, maybe it's because of all the customer complaints that we have heard about them for years now.
     
    gatordun, Jul 1, 2005 IP
  8. Corey Bryant

    #8
    A chained SSL cannot be used for the main root and sub-domains because an SSL is issued to a specific domain name, i.e. www.domain.com. A wildcard SSL cert is what you are thinking of.

    As far as Ev1, I get my certs from them. I had one problem but they helped me work thru it. The bigger a company gets, the more customers they will have, thus more complaints. People like to complain more than they will give a compliment.

    A chained SSL basically begins at a trusted root CA (certificate authority) and then each subsequent certificate is signed by all the preceding to indicate they can be trusted. A normal SSL goes direct to the CA for trust verification.

    You can generate your own SSL and then ask your clients to trust it. Once they do this, they will not get a pop-up warning. They will still have the same encryption.
     
    Corey Bryant, Jul 1, 2005 IP
  9. RectangleMan

    #9
    I have successfully used installssl chained certs for years for clients. It took me a few hours to get installed the first time but now I can do a new chained cert within minutes. You can apply and get approved normally within 48 hours.

    My users do not get popups for any of the certs that I am aware of.

    https://www.robotisland.com/ check it out and lmk if you get a popup at all
     
    RectangleMan, Jul 1, 2005 IP
  10. nddb

    #10
    I can see the chain in FF and IE. I dunno about older versions of stuff though?
     
    nddb, Jul 1, 2005 IP
  11. mochilero

    #11
    What's an SSL certificate, and why do I need one?
     
    mochilero, Jul 1, 2005 IP
  12. nddb

    #12
    When someone visits your page, their browser has a list of CA's (Certificate Authorities) built in. You send them your encryption key, and a lot of other information, like the name of your business, and your CA. Their browser then verifies that they are looking at the correct webpage (so they don't put their credit card information into the wrong site and get robbed). So, then they have a certified encrypted connection with your site.

    So when they go to buy something, their CC info goes over the net in an encrypted fashion so it cannot be stolen. Again, it also verifies that they are talking to the site they think they are talking to. If I had access to their network, it wouldn't be hard for me to trick them into thinking they were on your site when they were really on mine (phishing) and get them to buy a product and give me their CC information. A certificate prevents this from happening.

    If any of this is incorrect, feel free to correct me. =)
     
    nddb, Jul 1, 2005 IP
  13. gatordun

    #13
    Love it! CUTE ROBOTS !!!!!!!!!!!!!!!!!
    Remember Maguma Tashi was Goldar here in the USA.

    Is it illegal for someone/admin to change the contact info in someone's SSL certificate that was issued from the SSL company?
     
    gatordun, Jul 5, 2005 IP
  14. J.D.

    #14
    You can't really do this - this info is signed with a private key of CA and if you change anything, the certificate will become unusable.

    J.D.
     
    J.D., Jul 5, 2005 IP
  15. J.D.

    #15
    More accurately, it works like this:

    * the client connects to a server and requests the server's certificate, which includes server's identity (e.g. domain name), server's public key and a signature that ensures certificate's integrity. The signature is obtained by hashing certificate's info and encrypting the resulting hash with the CA's private key, so that nobody can modify certificate (not even the server admins)

    * the client generates a random symmetric key (symmetric encryption (i.e. the one that uses same key for encryption/decryption) is about 100 times faster than public/private encryption) and encrypts it with the server's public key. The encrypted symmetric key is sent back to the server

    * the server decrypts the symmetric key with its private key and uses it to send any data to the client (e.g. HTML, etc)

    Optionally, the server may request client's certificate as well, which can be used for password-less authentication.

    With regards to intermediate authorities (chained certs), if you import a certificate that requires one (e.g. Instant SSL certs), you need to make sure that you also imported the intermediate authority certificate or else some browsers will pop a dialog when clients connect to your server.

    J.D.
     
    J.D., Jul 5, 2005 IP
  16. gatordun

    #16
    Great so who changed the contact email address twice now?

    Both sides say they did not do it.
     
    gatordun, Jul 5, 2005 IP
  17. nddb

    #17
    JD,

    Thanks for the info! Good explanation, although I don't quite understand the symmetric key part... I'm usually a visual learner, got any cool graphics? Heh!

    Gatordun,

    What method did they change it with? There must be some accounting on the server that would tell who accessed what and when?

    Also, is your name a play on "get 'er done" ? Heh.
     
    nddb, Jul 5, 2005 IP
  18. jlawrence

    #18
    To change anything on an SSL cert, it needs to be re-signed.
    If the email got changed, then both sides would know about it. The CA because they re-signed/reissued the cert and the host cos they installed the thing.
    Ignore wildcard SSL certs - I'm pretty sure I've read somewhere that they're not supported correctly by IE6 (or is it 7) but I can't find the link. But anyway, wildcard certs break the end to end security ssl model as the client cannot tell which server actually sent the data.
     
    jlawrence, Jul 6, 2005 IP