Home page logo
/

basics logo Security Basics mailing list archives

Re: questions on SSL
From: judd.obannon () rackspace com
Date: Fri, 14 Nov 2008 10:44:08 -0600

Quite Honestly you should encrypt traffic with SSL (or other protocols) any time you have the opportunity as the meager amount of bandwith it entails is far outweighed by the privacy it provides. No educated user will send any personal information without it being encrypted.

As far as SSL certificates for multipule sites the best way to go about this is to purchase a certificate that uses alternative domain names, sometimes referred to as alternative common names. My personal experience is that GoDaddy provides them for the cheapest fee (their wildcard certificates are very reasonable as well). Alternative CN certificates will work for x.domain.com, y.domain.com, or any other domain that is listed on the certificate. A wildcard will work for <anything>.domain.com but unless it also includes an alternative CN for domain.com the bare domain.com will not be included.

Sorry for such a long answer but it can be a bit complicated. If you know exactly what you want to protect with the certificate any good agency that sells you a certificate can provide you with the best one.

Also you can get free certificates from startssl.com (https://www.startssl.com/) and their root CA (the thing that allows the browser to declare the site is safe) is in more and more browsers (firefox 3 for certain).

Quoting s0h0us () yahoo com:

I'm lookig for some comments regarding using SSL to encrypt connectivity to entire website as opposed to just certain critical connections such as an online banking link at a financial institutions. is this a more common practice now? Bandwidth wouldn't seem to be as big an issue as it was in the past with dialup connections. Can one SSL certificate be used to encrypt multiple links originating from the same site:
https://x.domain.com
https://y.domain.com

thanks for the feedback





Confidentiality Notice: This e-mail message (including any attached or
embedded documents) is intended for the exclusive and confidential use of the
individual or entity to which this message is addressed, and unless otherwise
expressly indicated, is confidential and privileged information of Rackspace.
Any dissemination, distribution or copying of the enclosed material is prohibited.
If you receive this transmission in error, please notify us immediately by e-mail
at abuse () rackspace com, and delete the original message.
Your cooperation is appreciated.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]