republican-creole
site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Expired Certs Cause Headaches > I don't use Verisign

Search Topic:
 Uniqs:
161		 Share Topic
Post a:
Post a:
AuthorAll Replies


Jason Levine
Premium
join:2001-07-13
USA

I don't use Verisign

Luckily, I don't use Verisign for SSL certs for my company's sites so users shouldn't experience any of the problems while browsing with us. We use GeoTrust instead. They are much less expensive.
to forum · permalink · 2004-01-08 17:24:33 ·


nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA

said by Jason Levine:
Luckily, I don't use Verisign for SSL certs for my company's sites so users shouldn't experience any of the problems while browsing with us. We use GeoTrust instead. They are much less expensive.
If you use any kind of certificates that make use of intermediate certificate authorities, you will potentially be effected some day. Using different company's certs won't insulate you from that. Eventually, all certificate authority certificates expire - even GeoTrust's.

The major benefit of buying each providers' top-end certificates is that they are signed against the root certificate authority rather than an intermediate authority. Root certificate authorities typically have a lifetime of up to twenty years. So, you'll likely never see the CA expiration problem within the lifetime of your server. Intermediate authorities typically have a maximum lifetime of seven years. So, if you've had a site for a while and have been getting your certificates issued against the same intermediate CA, you end up having this week's problem.

It's the nature of PKI. To have truly trustworthy sites, you need to set expirations on the trust devices (certificates). Root CA's about 20 years; intermediate CA's about 7 years; server certificates typically 1-2 years; and client certificates typically no longer than 1 year.

-tom
--
"There are 10 types of people in the world... those who understand binary and those who don't."
"That's only 2 types of people, moron"
to forum · permalink · 2004-01-09 01:10:30 ·


Jason Levine
Premium
join:2001-07-13
USA

said by nixen:
If you use any kind of certificates that make use of intermediate certificate authorities, you will potentially be effected some day. Using different company's certs won't insulate you from that. Eventually, all certificate authority certificates expire - even GeoTrust's.
Ah, thanks for the clarification. I just checked and it seems that GeoTrust's cert expires in 2018. So I'll have to worry about this in 14 years (if I'm using the same server and haven't updated the cert).
--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/
to forum · permalink · 2004-01-09 08:44:37 ·
Forums > Expired Certs Cause Headaches

Sunday, 03-Jun 14:48:39 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online © 1999-2012 dslreports.com.
Most commented news this week
Hot Topics