[olug] Web Site Certificates - OT
Obi-Wan
obiwan at jedi.com
Thu Jul 31 21:26:29 UTC 2008
>> Yes, but you can install such a cert on a single reverse proxy box
>> (like Pound or Squid) that then feeds to any number of back-end servers
>> that run the actual web sites. That's what we do at work.
>
> That'd certainly be a waste of bandwidth when the machines are distributed
> across the globe. Not to mention destroying any kind of redundancy...
Yes, but that's not the case in many environments. All of our back
end servers sit within a 30' radius.
> How about a community SSL authority that doesn't charge $ for a simple
> process?
CACert still isn't recognized by most browsers by default, so the same
problem still exists. You're teaching people to ignore a warning that
may save them someday if heeded.
--
Ben "Obi-Wan" Hollingsworth obiwan at jedi.com
The stuff of earth competes for the allegiance I owe only to the
Giver of all good things, so if I stand, let me stand on the
promise that You will pull me through. -- Rich Mullins
More information about the OLUG
mailing list