Difference between revisions of "Certificates"
From Nuclear Physics Group Documentation Pages
Line 1: | Line 1: | ||
− | + | We can consider buying a legitimate certificate, rather than home-brew ones: | |
− | + | ||
+ | "You need a key and a certificate to operate your secure server — which means that you can either generate a self-signed certificate or purchase a CA-signed certificate from a CA. What are the differences between the two? | ||
+ | |||
+ | A CA-signed certificate provides two important capabilities for your server: | ||
+ | * Browsers (usually) automatically recognize the certificate and allow a secure connection to be made, without prompting the user. | ||
+ | * When a CA issues a signed certificate, they are guaranteeing the identity of the organization that is providing the webpages to the browser."[http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/s1-httpd-secure-server.html#s2-secureserver-certs] | ||
+ | |||
+ | The certificate used for LDAP is located at /etc/openldap/root_dn.crt. Do we use the same certificate for everything? If that's only for LDAP then there's no benefit to buying one from an authority. |
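Review bot: the last added paragraph asks "Do we use the same certificate for everything?" and then draws a conditional conclusion about buying a CA-signed certificate, but the revision never records which services actually use /etc/openldap/root_dn.crt. Suggest listing each TLS-enabled service with the certificate path it loads, so the buy-or-self-sign decision rests on a stated inventory rather than an open question. The Red Hat quotation would also read better with its source named in the text, not only as a bare link after the closing quote.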
Revision as of 12:46, 2 August 2007
We can consider buying a legitimate certificate, rather than home-brew ones:
"You need a key and a certificate to operate your secure server — which means that you can either generate a self-signed certificate or purchase a CA-signed certificate from a CA. What are the differences between the two?
A CA-signed certificate provides two important capabilities for your server:
- Browsers (usually) automatically recognize the certificate and allow a secure connection to be made, without prompting the user.
- When a CA issues a signed certificate, they are guaranteeing the identity of the organization that is providing the webpages to the browser."[1]
The certificate used for LDAP is located at /etc/openldap/root_dn.crt. Do we use the same certificate for everything? If that's only for LDAP then there's no benefit to buying one from an authority.
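One way to answer the question above, whether the LDAP certificate is shared with other services and whether it is self-signed, is to compare fingerprints and issuer fields with `openssl`. This is an added example, not part of the original page; the function names and the httpd path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example. Usage (the second path is an assumed httpd location):
#   sh certcheck.sh /etc/openldap/root_dn.crt /etc/pki/tls/certs/localhost.crt

# Print the SHA-256 fingerprint of a PEM certificate file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeed if subject equals issuer, the usual sign of a self-signed certificate.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^[a-z]*= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^[a-z]*= *//')
    [ "$subj" = "$iss" ]
}

# Succeed if two files hold the same certificate (identical fingerprint).
same_cert() {
    [ "$(cert_fingerprint "$1")" = "$(cert_fingerprint "$2")" ]
}

# One line per readable file: fingerprint, kind, path.
# Sorted so files that share a certificate end up on adjacent lines.
report_certs() {
    for f in "$@"; do
        [ -r "$f" ] || { echo "skip (unreadable): $f" >&2; continue; }
        if is_self_signed "$f"; then
            kind=self-signed
        else
            kind=issued-by-other
        fi
        printf '%s  %s  %s\n' "$(cert_fingerprint "$f")" "$kind" "$f"
    done | sort
}

# Run the report only when certificate paths are given on the command line.
if [ "$#" -gt 0 ]; then
    report_certs "$@"
fi
```

Files that print the same fingerprint hold the same certificate; a `self-signed` entry is one that browsers and LDAP clients will not trust unless it has been distributed to them.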