SSL certificates

From Organic Design
Legacy: This article describes a concept that has been superseded in the course of ongoing development on the Organic Design wiki. Please do not develop this any further or base work on this concept; it is only useful as a historic record of work done. You may find a link to the currently used concept or function in this article; if not, you can contact the author to find out what has taken the place of this legacy item.

Wildcard certs

RapidSSL offers a cheap wildcard cert for US$199 (around half price), but we found that the untrusted root authority warning still occurs on Windows XP. This means users would be required to add an exception, which they'd need to do even if we just used a self-signed certificate.

Example images

XP security alert.jpg

XP import certificate wizard.jpg

XP successful certificate import.jpg

Alternatives to Certificate Authorities

Hackers May Have Nabbed Over 200 SSL Certificates 
"Hackers may have obtained more than 200 digital certificates from a Dutch company after breaking into its network, including ones for Mozilla, Yahoo and the Tor project — a considerably higher number than DigiNotar has acknowledged earlier this week when it said 'several dozen' certificates had been acquired by attackers. Among the certificates acquired by the attackers in a mid-July hack of DigiNotar, Van de Looy's source said, were ones valid for, and, a system that lets people connect to the Web anonymously. Mozilla confirmed that a certificate for its add-on site had been obtained by the DigiNotar attackers. 'DigiNotar informed us that they issued fraudulent certs for in July, and revoked them within a few days of issue,' Johnathan Nightingale, director of Firefox development, said Wednesday. Looy's number is similar to the tally of certificates that Google has blacklisted in Chrome."
  • - An agile, distributed, and secure strategy for replacing Certificate Authorities
  • - a new approach to helping computers communicate securely on the Internet. With Perspectives, public “network notary” servers regularly monitor the SSL certificates used by 100,000s+ websites to help your browser detect “man-in-the-middle” attacks without relying on certificate authorities.
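
The notary idea described above can be sketched as a quorum check: the client compares the fingerprint of the certificate it was served with what several independent notaries have recorded over time. This is an added example, not code from Perspectives or from this wiki; the record layout, function names, the 75% quorum and the 3-day minimum history are assumptions chosen for illustration, and the sample data is constructed.

```python
import hashlib
from collections import Counter

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def current_view(history, now, max_age=1):
    """Latest (fingerprint, days_held) a notary recorded, or None if stale.
    history: list of (fingerprint, first_seen_day, last_seen_day)."""
    if not history:
        return None
    fp, first, last = max(history, key=lambda rec: rec[2])
    return (fp, last - first) if now - last <= max_age else None

def notary_verdict(seen_fp, notaries, now, quorum=0.75, min_days=3):
    """Compare the fingerprint the client was served with notary records."""
    views = [v for v in (current_view(h, now) for h in notaries.values()) if v]
    if not views:
        return "no-data"
    needed = quorum * len(notaries)  # silent or stale notaries count against quorum
    agree = sum(1 for fp, held in views if fp == seen_fp and held >= min_days)
    if agree >= needed:
        return "consistent"
    # A different long-lived key seen by a quorum suggests interception near the client.
    other = Counter(fp for fp, held in views if fp != seen_fp and held >= min_days)
    if other and other.most_common(1)[0][1] >= needed:
        return "mismatch"
    return "inconclusive"  # e.g. a key rotated too recently to have built history

# Constructed sample data: byte strings stand in for DER certificates.
GOOD = fingerprint(b"constructed-cert-A")
ROGUE = fingerprint(b"constructed-cert-B")
NEW = fingerprint(b"constructed-cert-C")
NOW = 100
NOTARIES = {f"notary-{i}": [(GOOD, 10, 100)] for i in range(1, 5)}
ROTATED = {name: [(GOOD, 10, 98), (NEW, 99, 100)] for name in NOTARIES}

if __name__ == "__main__":
    print(notary_verdict(GOOD, NOTARIES, NOW))
    print(notary_verdict(ROGUE, NOTARIES, NOW))
    print(notary_verdict(NEW, ROTATED, NOW))
```

The third case shows the limit of the approach: a legitimately rotated key has no history yet, so the check can only report that it cannot decide.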