He forgot one
Author | Content |
---|---|
Sander_Marechal Aug 23, 2011 10:48 AM EDT |
Great article, but he forgot one reason: You cannot serve SSL from a shared hosting account, and many websites still use shared hosting because the hostname that the server needs to look up the correct certificate is also encrypted. There's a trick around that (called Server Name Indication). Most browsers support it, except for (you guessed it) all IE versions running on XP (it works on Vista and later though). |
techiem2 Aug 23, 2011 2:42 PM EDT |
Exactly my thoughts (without reading the article). 1. Shared hosting often either doesn't have ssl, or you have to use a specific server of theirs for ssl traffic (which means ssl host doesn't match your host etc etc). 2. Proper (i.e. not self-signed) SSL certs are still stupidly expensive (ESPECIALLY Wildcard Certs, which are what lots of people really need). I have SSL enabled on my site, but it's of course using self-signed certs. I do have the CA cert available for install though. Guess I'll go read the article now. |
DrDubious Aug 23, 2011 4:01 PM EDT |
I kind of wish the Scary Error Messages Firefox (and presumably others) use for self-signed certificates were a bit more rational. Am I mistaken in thinking that self-signed certificates could reasonably be described as "private, but not secure" (rather than "INVALID!")? Outside of places like banks and major social-networking sites, I'm usually much more worried about someone using the same network as me "sniffing" my traffic than I am about the possibility that someone somewhere else on the internet has managed to hijack DNS to steal my login for commenting on a random blog site. In those cases, self-signed certificates ought to be perfectly fine, shouldn't they? |
techiem2 Aug 23, 2011 4:26 PM EDT |
My main complaint with the error messages is that YOU CAN'T TURN THEM OFF FOR A SITE.
You should be able to say "yes, I really do trust this site, stop asking me every time I visit".
I thought Firefox let you do that at some point...but the option to remember is never enabled on any of the sites I've been to recently... |
Steven_Rosenber Aug 23, 2011 4:40 PM EDT |
Sander, thanks for bringing this up. This is exactly the problem I have with my shared-hosting accounts. |