On Mon, 8 Mar 2004, Robert Hartung* wrote: > > Hi all, > This may be too basic a question but I would like some > opinions. So here goes: > > We are setting up a small web viewer to distribute medical > x-ray images and reports under SSL. We will be collecting no > information from the clients. This is a one way street. We > plan on using SSL, but I wonder if it is necessary to pay > Verisign US$1600 every two years for their certificate? > > Thanks. All input appreciated. > > Bob Hartung Certificate Authorities like Verisign confirm that you are really who you say you are and their certificates are already preloaded on everyone's PC. Redhat sticks all the commercial CA's into a file called /usr/share/ssl/certs/ca-bundle.crt. Microsoft have a similar file somewhere. You can accomplish the same thing by using a self signed certificate but you have the problem of getting your self signed CA added to your client's bundle. When your clients first log into your server they will see a popup saying that your certificate is unknown and will be asked if they want to proceed. They can add your cert to their bundle at this time. This is quite workable if you have a limited number of known clients who you can instruct ahead of time on what to expect/do. -- Gerry "The lyfe so short, the craft so long to learne" Chaucer -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
