Hi,
I´m trying to setup a webmail server with SSL protocol.
As I understand these are the correct steps (initial):
ok, I´m stuck at the last step:
-
who are these CA ? ie. like Verisign ?
-
how much do they charge for this ?
-
Doesn´t exist any free CA ?
-
isn´t there another method to just enable SSL for my webmail server ?, I just want a secure channel between my client and server, nothing else…
Thanks in advance for a clarification.
J. Carminati.
Subject: Need advice on setting a HTTPS webmail server
A few answers:1) Yes, verisign and others are Cert Authorities, but you can be your own CA
-
It’s outragous! We pay like $350 or so for each cert we have.
-
Yes, you can setup your server as the CA
-
No, you must use a key signed by a CA (but that can be you, see below)
This is the REAL issue. Your browser already trusts Verisign and many other CAs. When your browser comes to a site that wants to communicate via SSL it checks 3 things (valid date, cert name matches site name, and from a trusted source). Because your browser doesn’t already trust you as a CA you will get a “Security Alert”, which you can simply click Yes to proceed.
For webmail this is probably acceptable. For a site used by business partners or the public it usually is not.
For a quick cert; use the “Create Key Ring with Self Certified Certificate” option in your certsrv.nsf database.
Chris Harvey
http://chris.brotherhoodmutual.com
Subject: RE: Need advice on setting a HTTPS webmail server
Chris:
Thank you very much for your explanation!
I’ll try your suggestion today.
Best Regards,
J. Carminati.