Threaded Mode | Linear Mode

tioan · 07-31-2007 10:19 PM

Hi,
for ssl support in ispcp Cacert will be a good solution because it support more than one Domain per IP with SubjectAltName. So we didnt need an ssl proxy or so to support ssl for every hosted domain, only an wrapper that use http://wiki.cacert.org/wiki/VhostTaskForce. I think the is better than every ssl proxy.

***ephigenie*** · 07-31-2007 10:37 PM

We're aware of free - certificates - but those you mentioned as well as some others are only supported by a minority of browsers.

Although in Germany 30+% use firefox/mozilla based browsers there're at 70% left with other browser where i guess that 65% is IE.
For the Rest of the World it looks equal.

For this website it looks a bit different - but i think its related to the fact, that most of us are somehow IT-related and have a natural annoyance against IE & co. Wink

.

But we can not ignore our Customers and their Customers....

Even officially Multisite Certificates are not supported by most Browsers ...
(or wildcard certificates etc...)

FYI Browser distribution on isp-control.net
rank Name visits percent

1. Firefox 52.831 64,14%
2. Internet Explorer 18.130 22,01%
3. Opera 5.031 6,11%
4. Mozilla 3.969 4,82%
5. Safari 1.223 1,48%
6. Konqueror 847 1,03%
7. Camino 205 0,25%
8. gzip 57 0,07%
9. Netscape 31 0,04%
10. Mozilla Compatible Agent 18 0,02%

tioan · 08-01-2007 04:54 AM

ephigenie Wrote:Even officially Multisite Certificates are not supported by most Browsers ...
(or wildcard certificates etc...)

This are support by most browser ( Ie Firefox Opera Safari and so one, and yes Cacert isn´t allready in the browsers, but you only need to import one time the cacert root cert and every cacert cert work without problems.) And i think one time import of certs is better then some ssl proxy

rbtux · 08-01-2007 05:14 AM

ssl proxy is the better way if you use some thirdparty trusted certificates...

do you know what a wildcard certificate of a trusted ca costs? too much!

***ephigenie*** · 08-01-2007 05:54 AM

tioan Wrote:
ephigenie Wrote:Even officially Multisite Certificates are not supported by most Browsers ...
(or wildcard certificates etc...)
but you only need to import one time the cacert root cert and every cacert cert work without problems.) And i think one time import of certs is better then some ssl proxy

This only sentence is the whole thing between "trusted" certificates and selfmade ones.

Threaded Mode \| Linear Mode CaCert support for ssl
Author	Message