SSL Certificate

> On Wed, Dec 3, 2008 at 2:55 PM, Gary Kramlich <grim@...> wrote:
> > Mark Doliner wrote:
> >> How do people feel about actually buying a certificate?  Is it worth
> >> it?  If we get a certificate for only developer.pidgin.im it's about
> >> $27 a year.
> >
> > Where did you find a cert for $27/year?!
>
> http://www.godaddy.com/gdshop/ssl/ssl.asp?ci=8979 when buying for a
> single domain for 2 or more years.
>
> -Mark

> Mark Doliner wrote:
>> On Wed, Dec 3, 2008 at 2:55 PM, Gary Kramlich <grim@...> wrote:
>>> Mark Doliner wrote:
>>>> How do people feel about actually buying a certificate?  Is it worth
>>>> it?  If we get a certificate for only developer.pidgin.im it's about
>>>> $27 a year.
>>> Where did you find a cert for $27/year?!
>>
>> http://www.godaddy.com/gdshop/ssl/ssl.asp?ci=8979 when buying for a
>> single domain for 2 or more years.
>>
>
> I can get us a cert for $19.95 per year or less possibly through work:
>
> http://steadfast.net/services/ssl.php
>
> The certs are signed by Comodo.

> On Wed, Dec 3, 2008 at 3:33 PM, Kevin Stange <kevin@...> wrote:
> > Mark Doliner wrote:
> >> On Wed, Dec 3, 2008 at 2:55 PM, Gary Kramlich <grim@...> wrote:
> >>> Mark Doliner wrote:
> >>>> How do people feel about actually buying a certificate?  Is it worth
> >>>> it?  If we get a certificate for only developer.pidgin.im it's about
> >>>> $27 a year.
> >>> Where did you find a cert for $27/year?!
> >>
> >> http://www.godaddy.com/gdshop/ssl/ssl.asp?ci=8979 when buying for a
> >> single domain for 2 or more years.
> >>
> >
> > I can get us a cert for $19.95 per year or less possibly through work:
> >
> > http://steadfast.net/services/ssl.php
> >
> > The certs are signed by Comodo.
>
> Alright, I bought a 5 year certificate from Steadfast/Comodo at the
> discounted rate of $14.95 per year (because they like us :-) ).  It's
> now installed on developer.pidgin.im, and is only used for
> https://developer.pidgin.im/login.  Let me know if you notice any
> problems.  Also, there were a some files in the /etc/ssl/certs/ and
> /etc/ssl/private/ directories on imperial that I suspect are no longer
> being used.  I created an "old" subdirectory and moved the files
> there.  If that breaks anything we can move them back.
>
> And I got a free StartCom certificate through xmpp.org
> (http://xmpp.org/ca/) which we're using for ejabberd on
> rock.pidgin.im.
>
> -Mark

> On Mon, 2008-12-08 at 14:45 -0800, Mark Doliner wrote:
>> Alright, I bought a 5 year certificate from Steadfast/Comodo at the
>> discounted rate of $14.95 per year (because they like us :-) ).  It's
>> now installed on developer.pidgin.im, and is only used for
>> https://developer.pidgin.im/login.  Let me know if you notice any
>> problems.
>
> Is there an intermediate CA certificate that needs to be configured on
> the webserver to complete the chain so FF3 can trust this? Or is this
> just a poor choice of CA?

> On Mon, Dec 8, 2008 at 6:00 PM, Stu Tomlinson <stu@...> wrote:
>> On Mon, 2008-12-08 at 14:45 -0800, Mark Doliner wrote:
>>> Alright, I bought a 5 year certificate from Steadfast/Comodo at the
>>> discounted rate of $14.95 per year (because they like us :-) ).  It's
>>> now installed on developer.pidgin.im, and is only used for
>>> https://developer.pidgin.im/login.  Let me know if you notice any
>>> problems.
>>
>> Is there an intermediate CA certificate that needs to be configured on
>> the webserver to complete the chain so FF3 can trust this? Or is this
>> just a poor choice of CA?
>
> My Firefox 3 doesn't complain about the certificate, but feel free to
> fiddle with it.  Everything I was emailed can be found on imperial at
> /etc/ssl/private/all_sslcertificate_stuff_from_steadfast_comodo/
>
> And the two files lighttpd is using are
> /etc/ssl/private/developer.pidgin.im.certkey.pem and
> /etc/ssl/certs/developer_pidgin_im.crt