On Fri, 2007-01-19 at 15:35 -0500, Jonathan Billings wrote:
> Of course, for public-facing sites, you'll want to consider paying for a
> certificate that is already in the client's web client. Since you're
> requiring the end user to install a certificate chain, it really isn't
> much better than using your own SSL root certificate -- it'll require a
> minor hassle for the user.

The chain certs that you have to install for InstantSSL and others like that are installed server side, not client side. When correctly configured (which isn't hard w/mod_ssl), the client never notices.

My own opinion is that like everything else Verisign does, you pay a premium for brand recognition. With SSL certificates, like DNS registration, clients don't actually ever notice or care. All the "Premium" and "Gold" and "Extra Secure" blah blah blah are, as far as I can tell, just marketing BS (with the exception of when it actually entails increased key lengths).

When was the last time you, as a trained IT professional, actually looked at the issuer of the certificate for a site you were visiting (except, of course, troubleshooting your own stuff)?

Wil
--
Wil Cooley <wcooley@nakedape.cc>
http://nakedape.cc
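
Added example, not part of the original message: a throwaway three-level PKI showing why the chain certificate belongs on the server. A client that trusts only the root rejects the server certificate on its own and accepts it once the intermediate is sent along with it. It assumes the OpenSSL 1.1.1+ command line; all names and file names are constructed.

```shell
# Constructed demo PKI: root CA -> intermediate CA -> server certificate.
build_chain() {  # $1 = empty working directory
    d=$1
    cat > "$d/cfg" <<'EOF' || return 1
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Root: self-signed; the only certificate in the client's trust store.
    openssl req -x509 -config "$d/cfg" -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Demo Root CA" -keyout "$d/root.key" -out "$d/root.pem" \
        2>/dev/null || return 1
    # Intermediate (the "chain cert"): signed by the root, kept on the server.
    openssl req -config "$d/cfg" -new -newkey rsa:2048 -nodes -out "$d/int.csr" \
        -subj "/CN=Demo Intermediate CA" -keyout "$d/int.key" 2>/dev/null || return 1
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/cfg" -extensions v3_ca \
        -out "$d/int.pem" 2>/dev/null || return 1
    # Server certificate: signed by the intermediate, not by the root.
    openssl req -config "$d/cfg" -new -newkey rsa:2048 -nodes -out "$d/leaf.csr" \
        -subj "/CN=www.example.test" -keyout "$d/leaf.key" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null || return 1
}

# Verify the server certificate as a client that trusts only the root.
# $2 (optional) = chain file the server sends alongside its own certificate.
verify_as_client() {
    if [ -n "$2" ]; then
        openssl verify -CAfile "$1/root.pem" -untrusted "$2" "$1/leaf.pem"
    else
        openssl verify -CAfile "$1/root.pem" "$1/leaf.pem"
    fi >/dev/null 2>&1
}

demo() {
    w=$(mktemp -d) && build_chain "$w" || return 1
    verify_as_client "$w" && echo "no chain sent: OK" || echo "no chain sent: FAIL"
    verify_as_client "$w" "$w/int.pem" && echo "chain sent: OK" || echo "chain sent: FAIL"
    rm -rf "$w"
}
demo
```

With mod_ssl, the server-side chain file is what `SSLCertificateChainFile` points at; from Apache 2.4.8 on, the intermediates can instead be appended to the file named by `SSLCertificateFile`.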