Certificates

From Nuclear Physics Group Documentation Pages
Revision as of 12:46, 2 August 2007 by Steve (talk | contribs)
Jump to navigationJump to search

We can consider buying a legitimate certificate, rather than home-brew ones:

"You need a key and a certificate to operate your secure server — which means that you can either generate a self-signed certificate or purchase a CA-signed certificate from a CA. What are the differences between the two?

A CA-signed certificate provides two important capabilities for your server:

  • Browsers (usually) automatically recognize the certificate and allow a secure connection to be made, without prompting the user.
  • When a CA issues a signed certificate, they are guaranteeing the identity of the organization that is providing the webpages to the browser."[1]

The certificate used for LDAP is located at /etc/openldap/root_dn.crt. Do we use the same certificate for everything? If that's only for LDAP then there's no benefit to buying one from an authority.