Difference between revisions of "Certificates"

From Nuclear Physics Group Documentation Pages
Line 1: Line 1:
We need to write info about Einstein's certificates. We can also consider buying a ligitimate certificate, rather than home-brew ones.
+
We can consider buying a legitimate certificate, rather than home-brew ones:
Located at /etc/openldap/root_dn.crt
+
 
 +
"You need a key and a certificate to operate your secure server — which means that you can either generate a self-signed certificate or purchase a CA-signed certificate from a CA. What are the differences between the two?
 +
 
 +
A CA-signed certificate provides two important capabilities for your server:
 +
* Browsers (usually) automatically recognize the certificate and allow a secure connection to be made, without prompting the user.
 +
* When a CA issues a signed certificate, they are guaranteeing the identity of the organization that is providing the webpages to the browser."[http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/s1-httpd-secure-server.html#s2-secureserver-certs]
 +
 
 +
The certificate used for LDAP is located at /etc/openldap/root_dn.crt.  Do we use the same certificate for everything?  If that's only for LDAP then there's no benefit to buying one from an authority.
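Review bot: the last added line asks "Do we use the same certificate for everything?" and leaves it unanswered, so the conclusion that there is no benefit to buying one from an authority rests on an open question. List which services actually use /etc/openldap/root_dn.crt before the page leans either way. The quoted Red Hat text is about browsers and a secure web server, so the page should also say whether any of it applies to the LDAP certificate. The removed line's to-do about writing up Einstein's certificates is dropped without that information being added anywhere in the new revision.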

Revision as of 12:46, 2 August 2007

We can consider buying a legitimate certificate, rather than home-brew ones:

"You need a key and a certificate to operate your secure server — which means that you can either generate a self-signed certificate or purchase a CA-signed certificate from a CA. What are the differences between the two?

A CA-signed certificate provides two important capabilities for your server:

  • Browsers (usually) automatically recognize the certificate and allow a secure connection to be made, without prompting the user.
  • When a CA issues a signed certificate, they are guaranteeing the identity of the organization that is providing the webpages to the browser."[1]

The certificate used for LDAP is located at /etc/openldap/root_dn.crt. Do we use the same certificate for everything? If that's only for LDAP then there's no benefit to buying one from an authority.