Go Back   Forums @ The Digital Fix > Gadgets and Gizmos > Computing Forum

Reply
 
Thread Tools Display Modes
Old 21-06-2007, 15:00   #1
Guest 33003
Trusted User
 
Join Date: Jun 2003
Location: Walking on water
Posts: 4,241
Thanks: 0
Thanked 0 Times in 0 Posts
Where should I get my SSL certificate from?

Made the evidently foolish decision to bag an SSL certificate from GoDaddy a while back.

Now I find out that when I link to content on my server using https: browsers don't like GoDaddy SSLs - comes up as 'unknown certificate provider' or something like that.

So where should I get a certificate from that'll be accepted by browsers?

Can't quite believe this is occurring to be honest. What's the point of selling an SSL certificate that gives browsers problems like that?
Guest 33003 is offline   Reply With Quote
Old 21-06-2007, 15:52   #2
bbevan
Trusted User
 
Join Date: Nov 2003
Location: Worcester
Posts: 773
Thanks: 0
Thanked 4 Times in 4 Posts
Not much of an expert on these things, but I'm told the provider of your certificate can make a huge difference to its credibility...

Try http://www.verisign.com/index3.html they've been in the game for years, so would make a good starting point

There was a big thread about this a while ago, something to do with syncing mobile device with an Exchange Mail Server, have a dig about you might find it
bbevan is offline   Reply With Quote
Old 22-06-2007, 01:12   #3
Guest 993
Trusted User
 
Join Date: Sep 2000
Posts: 16,470
Thanks: 0
Thanked 0 Times in 0 Posts
VeriSign are huge. They are more than just a signing authority, they run and control a fairly major chunk of the Internet backbone (including several root nameservers and the .com and .net top level domains) with ambitions to control far more. Were recently involved in a bit of controversy by redirecting non-active or non-existent domain requests to their own sites.

Thawte is the other major one... who are also owned by VeriSign

Then there's GeoTrust... yep you've guessed it, also now owned by VeriSign

They're all the ones of any repute. Note that the likes of Microsoft back them so guaranteed to have the root certificates in your browser and no problem authenticating anything signed by these guys.

Last edited by DeadKenny; 22-06-2007 at 01:15.
Guest 993 is offline   Reply With Quote
Old 22-06-2007, 11:36   #4
Guest 3966
Trusted User
 
Join Date: Mar 2001
Location: UK
Posts: 607
Thanks: 0
Thanked 0 Times in 0 Posts
Thawte one from here less than 50 quid works fine on my exchange 2003 for owa, rdp and activesync without having to install any certs on client devices.

http://www.thawte.com/ssl123/google....FQnclAod6gEF9Q
Guest 3966 is offline   Reply With Quote
Old 22-06-2007, 11:52   #5
bigsimes
Trusted User
 
Join Date: Dec 2000
Posts: 914
Thanks: 19
Thanked 9 Times in 9 Posts
We switched from Verisign (expensive) to Geotrust (good n cheap). Now as DeadKenny says Geotrust are part of Verisign. However they trade independantly and I think their certificate prices are reasonable...
__________________
oh Eddie, what a sad waste of a young attractive life!
bigsimes is offline   Reply With Quote
Old 25-06-2007, 11:23   #6
KennyVader
Insomniac
 
KennyVader's Avatar
 
Join Date: Dec 2005
Location: West London
Posts: 18,892
Thanks: 145
Thanked 102 Times in 58 Posts
I used to recommend GoDaddy certs as they were cheap and worked (even on PDAs) however they recently changed from listing Starfield as the ultimate authority to listing GoDaddy themselves. Since the idiots changed that, I can't get GoDaddy certificates to work on anything without a lot of hassle. Because as you say, GoDaddy is not in the trusted root provider list of (m)any browsers. They seem to be either too stupid or too vain to realise that this makes their certificates pretty much useless so they are to be avoided at all costs now. Good on the other recommendations.
KennyVader is offline   Reply With Quote
Old 25-06-2007, 11:50   #7
Guest 10361
Trusted User
 
Join Date: Aug 2001
Posts: 5,026
Thanks: 0
Thanked 0 Times in 0 Posts
Agreed. My GoDaddy cert is pretty much useless. Will go with 1 of the other recommendations. Thanks.
Guest 10361 is offline   Reply With Quote
Old 25-06-2007, 12:11   #8
Kryten
Administrator
 
Kryten's Avatar
 
Join Date: Jun 2001
Location: In my own little world
Posts: 29,839
Thanks: 69
Thanked 218 Times in 190 Posts
GoDaddy should be valid still if you have updated your root certificates in your browser from Windows Update. Their intermediate CA cert is valid until 2026 and their root CA until 2034

EDIT: That is in both IE7 and Firefox 2.0 I just checked
__________________
Forum Moderator: Mail Me
The Digital Fix | Tweals

Last edited by Kryten; 25-06-2007 at 12:12.
Kryten is offline   Reply With Quote
Old 25-06-2007, 12:53   #9
KennyVader
Insomniac
 
KennyVader's Avatar
 
Join Date: Dec 2005
Location: West London
Posts: 18,892
Thanks: 145
Thanked 102 Times in 58 Posts
Quote:
Originally Posted by Kryten View Post
GoDaddy should be valid still if you have updated your root certificates in your browser from Windows Update. Their intermediate CA cert is valid until 2026 and their root CA until 2034

EDIT: That is in both IE7 and Firefox 2.0 I just checked
Yep but this doesn't help other browsers, PDAs, mobile phones etc that often need a firmware update or indeed a totally new model before they get an updated root certs lists. The point is that it was fine when they were root-certificated by Starfield Certification Authority, and now they've had what looks to be little more than a cosmetic change so they say "GoDaddy" instead, lots of stuff is now that tiny little bit more awkward to mean "don't use GoDaddy any more". What's possibly worse though is that GoDaddy don't seem to understand or care that they've broken what was previously a good product at an excellent price from them; do you really want to entrust your SSL requirements to an organisation that doesn't understand or care about making this sort of unannounced change and it's effect.
KennyVader is offline   Reply With Quote
Old 21-11-2007, 14:12   #10
fabbers
XBL: fabbers
 
Join Date: Sep 2002
Location: Yorkshire
Posts: 2,672
Thanks: 78
Thanked 29 Times in 17 Posts
Hi all, I'm in the process of switching to a proper cert from self signed but need one that work with Nokia Mail for Exchange on the E61. Anyone got any experience with the Thawte SSL123 certs?
fabbers is offline   Reply With Quote
Old 21-11-2007, 14:40   #11
Guest 3966
Trusted User
 
Join Date: Mar 2001
Location: UK
Posts: 607
Thanks: 0
Thanked 0 Times in 0 Posts
yup I use one and worked straight off the bat on our exchange 2003 box for OWA, Push email for WM6 and RPC over https and RDP over https
Guest 3966 is offline   Reply With Quote
Old 21-11-2007, 14:44   #12
fabbers
XBL: fabbers
 
Join Date: Sep 2002
Location: Yorkshire
Posts: 2,672
Thanks: 78
Thanked 29 Times in 17 Posts
Cheers for that, i've seen posts that they're fine with windows mobile but apparently Nokias activesync equivelant is a bit picky.
fabbers is offline   Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Earliest 18 Certificate? Guest 21866 Film Discussion 14 10-07-2005 18:21
X2 Certificate Guest 1088 Film Discussion 2 17-04-2003 08:56
Spiderman UK certificate Guest 17479 Film Discussion 26 11-05-2002 23:45

All times are GMT. The time now is 11:57.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
Copyright ©2000 - 2018 Poisonous Monkey Ltd. Part of The Digital Fix Network