OT: cheap CA certificates

Where can I get cheap/reliable certs for a Apache that IE 5.5+ clients will
authorize against? Thawte and Verisign have outpriced themselves.

-Eric Wood

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: OT: cheap CA certificates

http://www.geotrust.com/equifax/
On Mon, Nov 17, 2003 at 02:33:53PM -0500, Eric Wood wrote:
> From: "Eric Wood"
> To:
> Subject: OT: cheap CA certificates
> Date: Mon, 17 Nov 2003 14:33:53 -0500
> Reply-To: modssl-users@modssl.org
>=20
> Where can I get cheap/reliable certs for a Apache that IE 5.5+ clients wi=
ll
> authorize against? Thawte and Verisign have outpriced themselves.
>=20
> -Eric Wood
>=20
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
--
Peter Burkholder, System Administrator
Digital Library for Earth System Education (DLESE® -- http://www.dlese=
..org)
peterb@ucar.edu
DLESE Program Center (DPC) ~~~ ~~ ~~~~ __o
UCAR/DPC, P.O. Box 3000 Ph) +1-303-497-2663 ~~~ ~~~~ ~~ _`\<=
,_
Boulder, CO 80307-3000 Fx) +1 303-497-8336 ~~~~ ~~~ ~~~~ (*)/ =
(*)
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: OT: cheap CA certificates

This is a cryptographically signed message in MIME format.

--------------ms070501040903030509080501
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hello Eric,

Eric Wood wrote:
> Where can I get cheap/reliable certs for a Apache that IE 5.5+ clients will
> authorize against? Thawte and Verisign have outpriced themselves.

That depends on your definition of the terms cheap and reliable.

But we offer client and server certs
(low level client certs are still free)

Bye

Goetz

--
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126

--------------ms070501040903030509080501
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEH AQAAoIIIkDCC
BEQwggOtoAMCAQICDwCQHgAAAAJOQu0jEgf3pTANBgkqhkiG9w0BAQUFADCB vDELMAkGA1UE
BhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4 BgNVBAoTMVRD
IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdt YkgxIjAgBgNV
BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExKTAnBgkqhkiG9w0BCQEW GmNlcnRpZmlj
YXRlQHRydXN0Y2VudGVyLmRlMB4XDTAzMDIxMDE0NDI1MFoXDTA0MDIxMDE0 NDI1MFowgaox
CzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1i dXJnMRowGAYD
VQQKExFUQyBUcnVzdENlbnRlciBBRzEUMBIGA1UECxMLRW50d2lja2x1bmcx GjAYBgNVBAMT
EUdvZXR6IEJhYmluLUViZWxsMSkwJwYJKoZIhvcNAQkBFhpiYWJpbi1lYmVs bEB0cnVzdGNl
bnRlci5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALB6adN6 EChrpAbT5KV1
ceRRIDAoGnz2gsBoFI2BwJLS+RpuIZfdJOepm4crg3X6LXrMKwSF/lshFeHr VPtLzabgLGyF
SujsJP0z3u7f4XNYCGHl4UbyPkYboIP9GC/DRtsknO1YfJUy/4yKBG4VjJ4A P6vZTEQey6jm
xelsK2ek4vwRfUjs/z9UcZmtj4ipiHP6IqFyydDTLarn1jWHUu2zFnJzryZ6 mXdOUPihCOFG
D+c1KFksZ1VscgDpKygTQcIg/VItmbeFkhOj9IkboOyiVKvvfhujlxmdm9AC t22MjMrB0RAb
9TR1DgXlyofwykKAK+GM8Cu8jcKaJjvfhaMCAwEAAaOB0zCB0DAMBgNVHRMB Af8EAjAAMA4G
A1UdDwEB/wQEAwIF4DA+BglghkgBhvhCAQgEMRYvaHR0cDovL3d3dy50cnVz dGNlbnRlci5k
ZS9ndWlkZWxpbmVzL2luZGV4Lmh0bWwwEQYJYIZIAYb4QgEBBAQDAgWgMF0G CWCGSAGG+EIB
AwRQFk5odHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr LXJldi5jZ2kv
OTAxRTAwMDAwMDAyNEU0MkVEMjMxMjA3RjdBNT8wDQYJKoZIhvcNAQEFBQAD gYEAObOwuCFG
0HmVvCm8llpJ3qsBqtZgFyUT0wuz8JG6CZjHn5lwvOg+8m8huKrE5oGEQIo9 EwLcFLDNVsxB
CiwjX2juU3JQl2Hs2smUyHkOqg+W0COetRp+PcDAk4hk0Mth5A3bDy3Frzyh bjpYjAZTvnsY
9+QYmJm5cGWBJK9I7kIwggREMIIDraADAgECAg8AkB4AAAACTkLtIxIH96Uw DQYJKoZIhvcN
AQEFBQAwgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYD VQQHEwdIYW1i
dXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4g RGF0YSBOZXR3
b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENB MSkwJwYJKoZI
hvcNAQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAeFw0wMzAyMTAx NDQyNTBaFw0w
NDAyMTAxNDQyNTBaMIGqMQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFtYnVy ZzEQMA4GA1UE
BxMHSGFtYnVyZzEaMBgGA1UEChMRVEMgVHJ1c3RDZW50ZXIgQUcxFDASBgNV BAsTC0VudHdp
Y2tsdW5nMRowGAYDVQQDExFHb2V0eiBCYWJpbi1FYmVsbDEpMCcGCSqGSIb3 DQEJARYaYmFi
aW4tZWJlbGxAdHJ1c3RjZW50ZXIuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIB
AQCwemnTehAoa6QG0+SldXHkUSAwKBp89oLAaBSNgcCS0vkabiGX3STnqZuH K4N1+i16zCsE
hf5bIRXh61T7S82m4CxshUro7CT9M97u3+FzWAhh5eFG8j5GG6CD/Rgvw0bb JJztWHyVMv+M
igRuFYyeAD+r2UxEHsuo5sXpbCtnpOL8EX1I7P8/VHGZrY+IqYhz+iKhcsnQ 0y2q59Y1h1Lt
sxZyc68mepl3TlD4oQjhRg/nNShZLGdVbHIA6SsoE0HCIP1SLZm3hZITo/SJ G6DsolSr734b
o5cZnZvQArdtjIzKwdEQG/U0dQ4F5cqH8MpCgCvhjPArvI3CmiY734WjAgMB AAGjgdMwgdAw
DAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwPgYJYIZIAYb4QgEIBDEW L2h0dHA6Ly93
d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9pbmRleC5odG1sMBEGCWCG SAGG+EIBAQQE
AwIFoDBdBglghkgBhvhCAQMEUBZOaHR0cHM6Ly93d3cudHJ1c3RjZW50ZXIu ZGUvY2dpLWJp
bi9jaGVjay1yZXYuY2dpLzkwMUUwMDAwMDAwMjRFNDJFRDIzMTIwN0Y3QTU/ MA0GCSqGSIb3
DQEBBQUAA4GBADmzsLghRtB5lbwpvJZaSd6rAarWYBclE9MLs/CRugmYx5+Z cLzoPvJvIbiq
xOaBhECKPRMC3BSwzVbMQQosI19o7lNyUJdh7NrJlMh5DqoPltAjnrUafj3A wJOIZNDLYeQN
2w8txa88oW46WIwGU757GPfkGJiZuXBlgSSvSO5CMYIEdzCCBHMCAQEwgdAw gbwxCzAJBgNV
BAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTow OAYDVQQKEzFU
QyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBH bWJIMSIwIAYD
VQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcNAQkB FhpjZXJ0aWZp
Y2F0ZUB0cnVzdGNlbnRlci5kZQIPAJAeAAAAAk5C7SMSB/elMAkGBSsOAwIa BQCgggJ7MBgG
CSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTAzMTEx NzIwMDUyM1ow
IwYJKoZIhvcNAQkEMRYEFNevXwWtuWuBQvQFnEQUz0IrbaraMFIGCSqGSIb3 DQEJDzFFMEMw
CgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcG BSsOAwIHMA0G
CCqGSIb3DQMCAgEoMIHhBgkrBgEEAYI3EAQxgdMwgdAwgbwxCzAJBgNVBAYT AkRFMRAwDgYD
VQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBU cnVzdENlbnRl
ciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQL ExlUQyBUcnVz
dENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0 ZUB0cnVzdGNl
bnRlci5kZQIPAJAeAAAAAk5C7SMSB/elMIHjBgsqhkiG9w0BCRACCzGB06CB 0DCBvDELMAkG
A1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcx OjA4BgNVBAoT
MVRDIFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtz IEdtYkgxIjAg
BgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExKTAnBgkqhkiG9w0B CQEWGmNlcnRp
ZmljYXRlQHRydXN0Y2VudGVyLmRlAg8AkB4AAAACTkLtIxIH96UwDQYJKoZI hvcNAQEBBQAE
ggEAYgT/URiyp235W75p0PpM+o8v/k9adGmdkqOBkwgLFlUuLDxC9Mz4/ITM ht1HrjhEdyWz
XC3Uj3JFdDkljTbOAgm32muqQp0sYrHvEf6VEuIT5CRz1SVvva8gRxvIeTMP t7qejDWsmoRn
JWpRDtH0Z5dRn31972Nkdq5Db15znF584akpaKogNyKenb8Kaaex/OZn99/O lRA4Y3+vvuUd
tO/5o137dqIG2yaQGrQCMtxOzC+G4L/vkoBO9K+4O6SKWBsHoNlHzpaoQTWf 0O2Qv+LmDfFN
t9HAUJZoRoEONpXN7qmcKDrtIkbwOQ1H3Vt3mmDSEt8LCnl77Wh7x7mjvwAA AAAAAA==
--------------ms070501040903030509080501--

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re[2]: OT: cheap CA certificates

Thawte is pretty cheap. $127 bucks through their ISP channel (anyone
can sign up) for a regular web cert, I am not sure you can do much better.

If it's not worth $127 a year, then I assume it's not for profit, e.g.
for internal use only or for a small number of users. In that case,
just use self-signed certificates. They're no less secure, they just
pop up a warning. Advise your users to add them to their root store
the first time they connect to your site and even that won't happen
anymore. We do this for all our internal secured sites.

-- Jamie

Monday, November 17, 2003, 3:05:23 PM, you wrote:

GBE> Hello Eric,

GBE> Eric Wood wrote:
>> Where can I get cheap/reliable certs for a Apache that IE 5.5+ clients will
>> authorize against? Thawte and Verisign have outpriced themselves.

GBE> That depends on your definition of the terms cheap and reliable.

GBE> But we offer client and server certs
GBE> (low level client certs are still free)

GBE> Bye

GBE> Goetz




--
Best regards,
James mailto:jamie@trewtech.com

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Re[2]: OT: cheap CA certificates

Here is one comparison of different SSL certificate choices and their
prices:

http://www.whichssl.com/ssl-certificate-comparison.html


--Kevin

-----Original Message-----
From: James Treworgy [mailto:jamie@trewtech.com]
Sent: Monday, November 17, 2003 2:12 PM
To: Goetz Babin-Ebell
Cc: modssl-users@modssl.org
Subject: Re[2]: OT: cheap CA certificates


Thawte is pretty cheap. $127 bucks through their ISP channel (anyone
can sign up) for a regular web cert, I am not sure you can do much better.

If it's not worth $127 a year, then I assume it's not for profit, e.g.
for internal use only or for a small number of users. In that case,
just use self-signed certificates. They're no less secure, they just
pop up a warning. Advise your users to add them to their root store
the first time they connect to your site and even that won't happen
anymore. We do this for all our internal secured sites.

-- Jamie

Monday, November 17, 2003, 3:05:23 PM, you wrote:

GBE> Hello Eric,

GBE> Eric Wood wrote:
>> Where can I get cheap/reliable certs for a Apache that IE 5.5+ clients
will
>> authorize against? Thawte and Verisign have outpriced themselves.

GBE> That depends on your definition of the terms cheap and reliable.

GBE> But we offer client and server certs
GBE> (low level client certs are still free)

GBE> Bye

GBE> Goetz




--
Best regards,
James mailto:jamie@trewtech.com

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

OT: Perl LWP SSL Issue

Sorry for this off-topic issue, but I have tried all the patches and all
the google result suggestions possible.

I am getting in the HEADERS specifically the error:

> Client-SSL-Warning: Peer certificate not verified

I cannot seem to get around this, I have patched https.pm and http.pm in
the LWP library with "sure to fix" solutions but still get this error.

I am using:

$ openssl version
OpenSSL 0.9.7a Feb 19 2003

$ perl -v
This is perl, v5.6.1 built for i386-freebsd

$ lwp-request -v
This is lwp-request version 2.06 (libwww-perl-5.76)

Any ideas ?

- Drew


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org