Secure server requirements


#1

I notice all plans are now listed as having SSL available; if I added a unique IP to my plan could I have access to secure server without a certificate? What are the bare minimum requirements?

There are a lot of times I’d like to post data encrypted but don’t care if there’s a cert on there or not

[color=#0000CC]jason[/color]


#2

Well a certificate is required.

However, you could use a self-signed certificate if you’re only worried about keeping the data encrypted and don’t mind dealing with the warnings from your browser.


#3

browser warnings?! Like the ones you get if you try to access the kabase through kbase.newdream.net? =D I just traded my bookmark for the new URL, that’s much better =)

So , would need a unique IP? and if I was going to do my own self signed certificate how would I generate the key? or make the cert for that matter, with the user level access I have? Just did a quick run through of some documentation on this for redhat and it looks like I can’t do this by myself?

Just curiosity at this point because, as always, you get what you pay for (cert and IP lookin gooood), but do you have any good links that would be of use for generating the key and making the cert on dreamhost/debian? Just something I could go over to satisfy the curiosity and maybe expand my mind a bit?

thanks will

[color=#0000CC]jason[/color]


#4

oof! thanks. I’d actually browsed that therad a few days ago and it was gone from memory.

I did have a go at the info you linked to, very nice and I thank you. Hope I didn’t mess anything up too bad while I was in there aping all that stuff :wink:

It generated the key for me but had all kind of errors relating to the config file, couldn’t find it. I used

/home/username/opt/LocalCA/LocalCA.cnf (yes I did create the config file and put it right thar)

… was wondering if it because of my lack of unique IP address that it was not found?

thanks for the pointers, and forgive the ignorance =)

[color=#0000CC]jason[/color]


#5

[quote]So , would need a unique IP?

[/quote]

Yeah - SSL sites always require a unique IP.

[quote]if I was going to do my own self signed certificate how would I generate the key?

[/quote]

You can do this with the tools that are already installed on the server.

Some info on creating your own CA at:
http://slwww.epfl.ch/SIC/SL/CA/

In this case, that’s probably overkill, but the instructions for cert generation should be useful.


#6

Is that always always, or always at DH?

[/quote]

My understanding is “always always”, or at least for all intents and purposes. It’s been explained to me, but to be honest, I totally forget.

I think there are some workarounds in newer versions of the SSL protocol, but none that are yet totally practical. I did a quick Google and didn’t find a good description of the exact reasons, but someone else might be more successful.