Comments
I'm fairly sure all of them ignore it since it can't be verified at all, no?
Francisco
Not reject ~ It's just a warning, not a hard reject like DigiNotar or something
Some way to force Chrome to allow specific self signed certs?
I have tried Opera and it can do it
I did this a long time ago so the steps might not be exact but it should be close:
Maybe there is an easier way to do it but this works.
You have to allow it per certificate, I know on OS X you can add it to your keychain, and it will accept it system wide.
Thanks kiloserve, seems that didn't work u_u I will try with another cert later. It seems that I need to add them to the OS repository (at this moment Windows and, as Daniel says, to the OS X keychain).
The SSL certificates are the income the browser creators have. They won't cut that flow of money.
@kylix How's that?
@drmike instead of a self signed you can use a free one. See startssl.com
@Daniel: Web browsers and ftp clients transparently accept SSL certificates signed by certificate providers who pay to have this functionality enabled in those clients. You need an audit to have your root-cert included, which is handled i.e. by webtrust.org. It costs ~$75,000 up-front plus ~$10,000 per year.
@kylix But a lot of web browsers don't manage their own SSL certificates, they use the ones in the OS
@Daniel: Firefox manages its own. I don't know about IE or other browsers and I've never heard that the OS deals with SSL certificates. But I guess you have to pay the OS producer then, too.
Get a http://www.cacert.org/ certificate, it's much better than self-signed - it's free, full-featured (e.g. multi-domain) and accepted as valid at least by some operating systems and browsers: https://secure.wikimedia.org/wikipedia/en/wiki/CACert#Inclusion_status
If your browser doesn't, you can manually install the CACert root certificate in it, and then never get a warning on CACert-signed websites, not having to add exception for each of them individually.
Yes, CAcert is quite nice but I haven't found a browser that uses it.
You can get a free class 1 certificate from http://www.startssl.com/ and it's accepted by all the popular browsers
StartSSL is sucky because its free cert is single-domain-only.
I do not have 1 IPv4 per every domain I want to use SSL on.
Then use SNI.
I do not have 1 IPv4 per every domain I want to use SSL on.
That is the problem.
Also, I am too lazy to get 832903829 certs for all my sites
Paid certificate for multiple domains = $60/2 years, not too bad. The IPv4 issue is separate because you might want to use different IPs for IE6 and other older browsers anyway.
I use my trick to get free RapidSSL certificates.
My little fraudster!
I just use NameCheap for SSLs, they're darn cheap, and accepted by most OSes and browsers.
Hmm... this might be off-topic but what I read today made me think that there's a bigger problem regarding SSL (TLS 1.0 and earlier).
(http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/)
And Windows XP also, if I remember. And a lot of people use XP (me at this moment on my netbook)
That is a clever trick that I think shouldn't be publicized too much or else.. they'd stop it.
Caught :-)
I think I have a good idea what you are talking about. Works with GeoTrust too
Two other options... one would be to create a self-signed CA cert. Import that into your various browsers, and then you can use that cert to sign as many other certs as you want and since they're signed by the already trusted CA cert, they'll be trusted as well.
Another is to do basically the same thing through the CACert.org system. Free certificates, you just have to install their CA cert in your browsers. Many Linux distros come with them preinstalled now though.
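The first option in the comment above (a private root CA that is imported into the browsers and then signs each site's certificate), as an added example that is not part of the original thread. The CA name, the host name www.example.test and the file layout are constructed placeholders, and an OpenSSL 1.1.1 or later command line is assumed.

```shell
# Added example: private CA that signs a server certificate (OpenSSL CLI).
# "Example Private Root CA" and www.example.test are constructed placeholders.
set -eu

make_ca() {  # $1 = working directory
    mkdir -p "$1"
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Private Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # ca.crt is the file imported into browsers; ca.key is the signing key.
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {  # $1 = working directory, $2 = DNS name of the server
    cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $2
[v3_leaf]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
EOF
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$1/$2.cnf" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    # Sign the CSR with the CA key; extensions come from v3_leaf, not from the CSR.
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 365 -extfile "$1/$2.cnf" \
        -extensions v3_leaf -out "$1/$2.crt" 2>/dev/null
}

check_cert() {  # $1 = working directory, $2 = certificate name, $3 = hostname to match
    openssl verify -CAfile "$1/ca.crt" -purpose sslserver \
        -verify_hostname "$3" "$1/$2.crt" >/dev/null 2>&1
}

demo=$(mktemp -d); make_ca "$demo"; issue_cert "$demo" www.example.test
check_cert "$demo" www.example.test www.example.test && echo "chain and hostname verify"
```

Only `ca.crt` goes into the browser or OS trust store. Anyone holding `ca.key` can issue certificates those browsers will accept for any name, so it should stay off the web servers.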
Interesting site diffra
I was just wondering about the self signed.