Mailinglist Archive: opensuse (3139 mails)

["Greg Freemyer" <greg.freemyer@xxxxxxxxx>]

On 9/30/06, ken <gebser@xxxxxxxxxxxxx> wrote:
> 张�|武 wrote:
> > ....
> >
> > Now our go daddy SSL certificate is expiring (no surprising we choose go
> > daddy the first time: because they made more advertisements), I wish to
> > take this chance to use another certificate issuer. We need cheap
> > Intranet level certificate, from a certificate issuer that is more
> > Linux-friendly. Which certificate issuer Linux admins prefer? For me not
> > necessarily a USA company.
> >
> > In my case we cannot use CACert.org.
>
> If it's just for an intranet server, you can create your own certificate
> using apache.

If you do that, then your Intranet users will need to accept your
machine as a signing authority.  Not a big deal if it is just a few
users.  If you have a few hundred users on your intranet, it is
probably easier to get the cert from a pre-authorized signing
authority.

FYI: I use a self-signed cert on our Intranet with 15 users.  Seems to
work fine once we added our machine as signing authority in both ie
and firefox.  It is easy to do in both, but has to be done on each
client machine individually as far as I know.

Greg
--
Greg Freemyer
The Norcross Group
Forensics for the 21st Century