Can we use OpenSSL to generate certificates for 100 customer websites?

@Rambettina238

Posted in: #CertificateGeneration #Https #Openssl #SecurityCertificate

We have more than 100 customers and we need to set their websites up with SSL. Do we have to buy the SSL certificates from one of the companies (GoDaddy, etc.) or can we use OpenSSL for free?


@Moriarity557

It's a common mistake to think that when you create your own SSL certificates they are self-signed. You can also create your own CA and sign your certificates with it (yeah, the CA certificate will be self-signed too, but so are the "real" CA certificates: every certificate chain starts with the CA certificate, and a CA is created from scratch). The main difference between certificates acquired for a fee and your own CA is that the CA of the former is included in the trusted certificate stores of various software: OSes, browsers and so on. Your CA certificate won't be included in these, meaning that customers will receive an "Unknown CA" certificate warning (but you can instruct them to trust your CA). The second main difference is that companies like Thawte run a bunch of identification services, used to assure customers that "FooBar LLC" is indeed "FooBar LLC", not "BarFoo LLC" instead. These are almost all the differences. On the technical side, using your own CA gives you the same technology as using paid certificates: encryption, mostly.

So, yes, you can use your own certificate chain.


@Sherry384

It's important to understand that SSL certificates come in two "flavors":


Self-signed - In which case, you generate them entirely on your own with no additional cost.
CA-signed - In which case, a recognized certificate authority (Symantec, GeoTrust, GoDaddy, etc.) signs the cert.


Is this a public-facing website? If so, then I'd strongly suggest purchasing a certificate issued by a certificate authority. Modern web browsers will present warnings/errors/alerts if the SSL certificate is self-signed, which is not something you want web visitors to have to deal with.

Depending on your specific details (e.g. web server purposes, web addresses, etc.), there may be other ways to save money (like purchasing a wildcard certificate that supports multiple addresses off of a common domain: example1.foo.com, example2.foo.com, etc.).

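The private-CA approach from @Moriarity557's answer and the trust warning @Sherry384 describes, as an added example that is not part of either answer: it creates a CA with OpenSSL, issues a per-customer certificate, and shows that the certificate only verifies for a client that has imported the CA and only for its own hostname. It assumes OpenSSL 1.1.1 or later on the PATH; the organisation name, hostnames, file names and function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: private CA issuing per-customer certs (constructed names, throwaway keys).
set -eu
WORK=$(mktemp -d)

cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Example Hosting
CN = Example Hosting Private CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

make_ca() {   # self-signed root: the one certificate clients must be told to trust
  openssl req -x509 -new -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes \
    -sha256 -days 3650 -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

issue_cert() {   # $1 = customer hostname; make key + CSR, then the CA signs the CSR
  openssl req -new -config "$WORK/ca.cnf" -subj "/CN=$1" -newkey rsa:2048 \
    -nodes -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
    "$1" > "$WORK/$1.ext"
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -sha256 -days 365 -extfile "$WORK/$1.ext" \
    -out "$WORK/$1.crt" 2>/dev/null
}

# Client that imported ca.crt: $1 = certificate's hostname, $2 = name being visited.
verify_with_ca() {
  openssl verify -CAfile "$WORK/ca.crt" -verify_hostname "$2" "$WORK/$1.crt" \
    >/dev/null 2>&1
}

# Client that has only its stock trust store (the private CA was never imported).
verify_stock_store() {
  openssl verify "$WORK/$1.crt" >/dev/null 2>&1
}

make_ca
issue_cert shop.customer-a.example
verify_with_ca shop.customer-a.example shop.customer-a.example && echo "CA imported: trusted"
verify_stock_store shop.customer-a.example || echo "CA not imported: unknown issuer"
verify_with_ca shop.customer-a.example www.customer-b.example || echo "other hostname: rejected"
```

Anyone holding `ca.key` can issue a certificate for any hostname that clients trusting `ca.crt` will accept, so that key needs stronger protection than any single site key.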