Web Hosting Talk






PDA

View Full Version : "Chained" SSL certificates

mno
06-01-2003, 10:32 PM
Hi all,

Not sure if this is the right place to post this, but it's a security question. (Mods: Feel free to move this thread.)

I've come across a "chained" SSL certifiacte offered by FreeSSL: http://www.freessl.com/chainedssl/chainedssl_new.html

After reading the information, I'm clueless as to the differences between a "chained" and a normal SSL certificate.

Can someone please explain the difference?

Thanks,
Max
mno
06-01-2003, 10:46 PM
Nevermind, I found the link explaining the details. However, would you trust a chained SSL or would you get a normal SSL certificate?
pang
06-01-2003, 11:15 PM
Do you want your customers know you are not using a professional cert (as stated in the their site)?

If no, then I suggest you pay $20/year more and buying a cert from
instant SSL or
Geotrust cert in Rackshack.
mno
06-02-2003, 12:36 AM
Good point. I was under the wrong impression that ********** is also a "chained" SSL - as stated on FreeSSL's site:

Some Certification Authorities, like Comodo, do not have a Trusted Root CA certificate present in browsers, therefore they need a "chained root" in order for their certificates to be trusted - essentially a CA with a Trusted Root CA certificate issues a "chained" certificate which "inherits" the browser recognition of the Trusted Root CA. These SSL certificates are known as "chained root" SSL certificates.

And as far as I understand, ********** is a part of Comodo. Am I missing something?

I'd definately prefer to pay $20 more and get a real SSL certificate.

Max
mno
06-02-2003, 12:38 AM
Also, ********** (Instant SSL) is blocked on WHT - a good indication that something's not right.
sprintserve
06-02-2003, 07:57 AM
We use instant ssl. They are fine for the purpose. They had been banned for a long time. Perhaps they unwittingly advertised here sometime in the past. In any case, their service are great and prompt. No issues at all
pang
06-02-2003, 09:42 AM
The point of FreeSSL site is not for money, but to make some of their compeitor looks bad. (my personal opinion only) So I never use FreeSSL product.

In fact, more browsers trust Instant SSL and ChainedSSL than Geotrust does. But, all are good to use.
mlovick
06-02-2003, 09:45 AM
Originally posted by mno
Also, ********** (Instant SSL) is blocked on WHT - a good indication that something's not right.

They were blocked for spamming.
There certs are OK though. I have had no complaints.
nainil
06-02-2003, 10:51 AM
You can never depend on a Chained SSL cert. Never. Never.!! It is highly vulnerable to attacks.
mno
06-02-2003, 12:57 PM
Thanks for your replies :) From the start I didn't really trust FreeSSL because I read about other people's experience with them. At this point, I'm seriously considering getting the GeoTrust certificate through my web host - they offer the same price as Rackshack does.

Thanks again,
Max
mlovick
06-02-2003, 01:37 PM
Originally posted by nainil
You can never depend on a Chained SSL cert. Never. Never.!! It is highly vulnerable to attacks.

OK - interesting:

http://www.its.monash.edu.au/security/auscert/2002-08/msg00043.html

I had not heard of this b4