Hi there,

I tried a version of freeSSL. When logging in to an account on the server with https, clicking on the lock to the right at the bottom of the browsers shows:

"Certificate is self-signed and thus may not be trustworthy"

Is it correct that this is because the CSR and key were generated via WHM and not at a signing company like Verisign or Thawte? I were told that this were the reason why this error comes up when it is tried to be accessed by other users. But I were also told that this does not affect the secure transfer in any way and that the above error message could very well be ignored.

Can anybody confirm this?

Thanks
John

That key is ok and users will be able to access secure web site, but users will see message in their browser informing that key isn't authorised.

Thank you for confirming it :)

John

agree its fine

anybody going to this page will be over https (encrypted)


there is no real technical difference between self-signed certs and thoes you get form a CA

Its just that they are in the business of making strong keys and keeping them secure

(i.e a verisign cert is simply a self signed cert that happens to come from a company that people (i.e. the market) trust.

checkout http://www.pki-page.org/ for more info

BTY : FreeSSL is something I have not heard of much before

you might consider looking at openSSL which IMHO is more well established

hololi

geotrust.com is one as well that works great and is less expensive.

Though I'm wondering if you installed the freeSSL cert correctly. I use it for testing purposes and have never run across a message saying that it is self signed. (using ie and mozilla both)

Thank you for your input. I'll take a look at the certificates that you suggested. I have heard that freeSSL should be good enough though. - When clicking on the lock it says something about not being trusted, but I suppose then that this doesn't really matter. So I'll try it out for a period and then maybe choose one of the other certificates.

John