Hello, has anyone used OpenSSL before?
Why do we need to pay for expensive SSL certs when there is OpenSSL, which is provided free? Is there a difference?
I've got an ecommerce website, and am wondering if OpenSSL is enough?
Your thoughts will be appreciated.
OpenSSL is a library for performing various encryption tasks, so (other than the fact that it can manipulate them) it hasn't got much to do with SSL certs. The problem with a self-signed cert (which OpenSSL can generate for you) or something like a CAcert is that most users won't have the root certificate on their machine, so will see an 'untrusted certificate' warning when they visit your site (and of course this also means that you're open to a man-in-the-middle type attack).
Fred
My domain registrar has Geotrust RapidSSL for $10 / year. Is this good enough SSL? Any other recommendations?
The two ends of the spectrum:
Verisign (http://www.verisign.com/): probably regarded as one of the most trusted SSL providers, but it certainly reflects in their pricing
StartSSL (http://www.startssl.com/): even provides a free certificate (trusted by browsers afaik), it’s more limited of course, but hey, that’s what free will give you
RapidSSL leans more towards StartSSL than Verisign. Also don’t forget you need a dedicated IP in order for your certificate to work properly!
OpenSSL is a library. What you pay for is a certificate from a known certificate authority, that is, a certificate created by someone like Verisign, because all browsers know them and will not alert the user that the site is unknown/untrusted. So if you create your own certificate with OpenSSL and you have an ecommerce site, it will be a problem, since all the browsers will alert users that your site has an untrusted certificate and most users will not continue to your site. That is why you have to buy a certificate from a known CA. Verisign is expensive, but there are cheaper known CAs.
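
Added example (not part of any post in this thread): the point made in the first and last replies, shown with the `openssl` command-line tool. A certificate OpenSSL generates itself is its own issuer, so a default CA store rejects it, and it only verifies once it has been installed as a trusted root. The hostname `shop.example` and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. "shop.example" is a constructed placeholder hostname.

make_self_signed() {   # $1 = directory; writes key.pem and cert.pem there
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=shop.example" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

is_self_issued() {     # true when issuer name and subject name are identical
    hashes=$(openssl x509 -in "$1/cert.pem" -noout -subject_hash -issuer_hash)
    [ -n "$hashes" ] &&
        [ "$(echo "$hashes" | sed -n 1p)" = "$(echo "$hashes" | sed -n 2p)" ]
}

trusted_by_default_store() {
    # What a visitor's machine does: check against the CA roots it already has.
    openssl verify "$1/cert.pem" 2>&1 | grep -q ': OK$'
}

trusted_with_own_root() {
    # Same check after the certificate itself has been installed as a root.
    openssl verify -CAfile "$1/cert.pem" "$1/cert.pem" 2>&1 | grep -q ': OK$'
}

demo() {
    dir=$(mktemp -d) || return 1
    make_self_signed "$dir" || { rm -rf "$dir"; return 1; }
    is_self_issued "$dir" && echo "issuer == subject (self-signed)"
    trusted_by_default_store "$dir" || echo "default CA store: NOT trusted"
    trusted_with_own_root "$dir" && echo "installed as a root: trusted"
    rm -rf "$dir"
}
demo
```

A certificate bought from a known CA passes the `trusted_by_default_store` check without any action by the visitor, which is what the purchase pays for.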