Did you know that if you required an SSL certificate for your organization, your domain information needs to be public.
When registering a domain name you can have all information related to your organization, assigned personal, address, etc. hidden under the hosting company or register.com.If this is the case, VeriSign will not issue a digital certificate. You need to make the information public, at least till you get it.
VeriSign contacts you in person after placing the request, asks a couple of questions, then forwards you the certificate files.
#1 by Mahbob on March 11, 2009 - 9:20 PM
yes my friend I did it before . it is for security reason that when I browse your web I can view these information so in case of web fraud some one copping your site I can verify these info
#2 by Bloggylife on March 12, 2009 - 7:30 AM
Yeah, they even call you in person, and ask you simple questions … I thought maybe they’re making sure, I’m not an automated answering machine ;P bas thank GOD all went well
#3 by Bashar on March 12, 2009 - 11:18 AM
It didn’t use to be like this I think before Sept 11. As I recall it was reactive measures. Also, the point of an SSL certificate is to certify this entity is what it claims to be. So if your information is private, how can I certify it’s you.
I agree though ArabTrust who handle (or used to handle at least) VeriSign for Arab region are just nightmares. And the wait for the call for us took more than a week.
So you’re doing some online payment or public login then
.
#4 by Bloggylife on March 12, 2009 - 1:18 PM
Well I thought if we were renewing it, then we don’t have to go through the process again!
ArabTrust still handles it and I managed to get it done and over within 2 days
7anaaaaaa 3ala el-telephone ;P … we were expiring … makan lee khilq -this is not a trusted certificate you’re installing scenario- ;D
#5 by Bashar on March 12, 2009 - 1:28 PM
I c. Well where I used to work, they didnt care for 2 weeks of online payment down coz of this
Renew is meant to reensure as well your identity didn’t change. Think about it otherwise.
#6 by MBH on March 12, 2009 - 5:00 PM
Self-signed certificates ftw!
#7 by Bashar on March 12, 2009 - 5:05 PM
MBH: Yes but self-signed won’t help a lot publically would they?
#8 by MBH on March 12, 2009 - 5:10 PM
Apart from the tiny annoyance of adding the certificate manually to the browser, not much of a big deal.
Did you read about the new breach in SSL certificates?
A group of researches showed that it was possible to recreate a CA author certificate with the same signature of a very well-known CA author. Using that certificate you could sign fake legitimate certificates.
I think it was presented at the Black Hat conference.
#9 by Bloggylife on March 12, 2009 - 10:04 PM
I’ve read that, but can’t recall the details! I believe there was a diagram explaining it all. But the thing is normal users won’t understand that this is a legitimate site and they need to install the certificate manually even though it says “not trusted” and if they go ahead and trust this site, then they’ll just go ahead and trust other “not supposed to trust” sites … ya3nee sometimes, we have to follow the system.
#10 by nemo on March 13, 2009 - 12:15 AM
yeah true .. we had to go thru all of this .. and we had another problem too .. the domain’s owner had to match the company name, in our case it didn’t
#11 by Bashar on March 13, 2009 - 12:48 AM
MBH: I didn’t hear about the fake identity, but never thought its impossible. Still, majority of people won’t trust or like a self-signed certificate, and it would give bad image. Another thing is, if certificate is not valid, you can’t do certain tasks like Knet payment. It simply won’t work.
#12 by MBH on March 13, 2009 - 1:36 PM
It depends on the nature of your company/organization. My company is a retail one and have no use for a paid certificate, unless one day they decide to do online payment.
This is the link to the article: MD5 considered harmful today: Creating a rogue CA certificate
#13 by Bloggylife on March 13, 2009 - 1:47 PM
most universities use self issued certificates within their campuses’ secure communication, saves money
#14 by Bashar on March 13, 2009 - 3:36 PM
MBH: Yes in your case then it might make sense.
Bloggylife: Is it really a money saving? SSL Certificate costs that much?
#15 by Bashar on March 13, 2009 - 3:36 PM
MBH: Thanks for the link. That’s a long one
.
#16 by Bloggylife on March 13, 2009 - 3:56 PM
over 500 KD for a single one for two years
#17 by Bashar on March 13, 2009 - 4:55 PM
Hmm.. been sometime since I ordered one
Yeah that’s not bad.
#18 by Marzouq on March 16, 2009 - 6:17 AM
You are correct in taking these steps! The process is a bit of pain but once its done thats fantastic! The most annoying part is getting it to work with equipment that require it for public login!