RESET Forums (homeservershow.com)
Jason

SSL Certificates for Home Use?


Jason

Thanks Drashna. GoDaddy refunded my purchase. I was then able to get a 2-yr SSL Wildcard from RapidSSL (Geotrust) for slightly more. Good deal.

Something about a 2-yr cert from StartSSL for $140 USD seemed too good to be true. Maybe next time.

Edited by Jason

Drashna Jaelre

Well, glad to hear it!

And yeah, I know what you mean.

LoneWolf

Also check out cacert.org.

I used their free server certificates for Server 2012 Anywhere Access at one point. At this point, I've replaced that with just using SSLVPN on my Watchguard, tied to Dynamic DNS, but it worked fine.

  • Like 1

ShadowPeo

Curious because I don't know, why would the intermediate CA need to be installed on devices?

It has to do with ease of use (less downloading) and fewer potential attack vectors. Operating systems and browsers commonly only contain the root certificates for browsers, but the providers often sign using an intermediate (or one of several intermediates). Browsers and the like can download the intermediate certificates themselves; this, however, takes time, so for security and ease of use it's better to get the system to simply present the intermediates at the time of sending their SSL details.

The way it is handled on the server end is dependent on the system/software; for example, the Synology DSM wants them in their own file, whereas NGINX uses a single concatenated file that contains all the certificates in the chain.

If you run an SSL security test as offered by SSL Labs (https://www.ssllabs.com/ssltest/analyze.html) against an SSL encrypted site, I am led to believe you are capped to a B security rating (personally, all my servers are running at A+) if you do not present the intermediate certificates. I cannot confirm this, as I have by default always presented the chain to the browsers.

  • Like 2
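
The point in the post above about presenting intermediates, as an added example that is not part of anyone's post: it builds a throwaway root, intermediate and leaf with the `openssl` CLI, then checks whether a client that trusts only the root can validate what the server sends, first with the leaf alone and then with an NGINX-style concatenated bundle. All names, subjects and paths are constructed for the demo, and it assumes `bash` and `openssl` are installed.

```shell
#!/usr/bin/env bash
# Added example: constructed throwaway PKI; every name and path is hypothetical.
set -eu

# issue <dir> <name> <subject CN> <extension file> <signer name, or "self">
issue() {
  local d="$1" name="$2" cn="$3" ext="$4" signer="$5"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
    -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null
  if [ "$signer" = self ]; then
    set -- -signkey "$d/$name.key"            # self-signed root
  else
    set -- -CA "$d/$signer.pem" -CAkey "$d/$signer.key" -CAcreateserial
  fi
  openssl x509 -req -in "$d/$name.csr" "$@" -days 2 \
    -extfile "$ext" -out "$d/$name.pem" 2>/dev/null
}

make_demo_pki() {   # $1 = empty directory to fill with root, intermediate, leaf
  local d="$1"
  echo 'basicConstraints=critical,CA:TRUE' > "$d/ca.ext"
  echo 'subjectAltName=DNS:home.example.test' > "$d/leaf.ext"
  issue "$d" root "Demo Root CA" "$d/ca.ext" self
  issue "$d" intermediate "Demo Intermediate CA" "$d/ca.ext" root
  issue "$d" leaf "home.example.test" "$d/leaf.ext" intermediate
  # Concatenated bundle: leaf first, then the intermediate; the root is not sent.
  cat "$d/leaf.pem" "$d/intermediate.pem" > "$d/fullchain.pem"
}

# Can a client that trusts only the root validate what the server presents?
# $1 = trusted root, $2 = PEM file as served (leaf first). The served file is
# passed both as the certificate to verify and as the untrusted helper certs.
client_can_validate() {
  openssl verify -CAfile "$1" -untrusted "$2" "$2" 2>/dev/null | grep -q 'OK$'
}

d=$(mktemp -d)
make_demo_pki "$d"
for served in leaf.pem fullchain.pem; do
  if client_can_validate "$d/root.pem" "$d/$served"; then r=validates; else r=fails; fi
  echo "server presents $served -> $r"
done
```

Clients that fetch or cache missing intermediates can hide the leaf-only failure, which is why a strict check like this is worth running against the file the server is configured to send.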
