From owner-freebsd-questions@FreeBSD.ORG Sun Jan 9 06:23:47 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7573C16A4CE for ; Sun, 9 Jan 2005 06:23:47 +0000 (GMT) Received: from mail.freebsd-corp-net-guide.com (mail.freebsd-corp-net-guide.com [65.75.192.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0045643D2D for ; Sun, 9 Jan 2005 06:23:47 +0000 (GMT) (envelope-from tedm@toybox.placo.com) Received: from tedwin2k (nat-rtr.freebsd-corp-net-guide.com [65.75.197.130]) j096NFj48932; Sat, 8 Jan 2005 22:23:16 -0800 (PST) (envelope-from tedm@toybox.placo.com) From: "Ted Mittelstaedt" To: Date: Sat, 8 Jan 2005 22:23:15 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) In-Reply-To: <41DF9191.4070408@taborandtashell.net> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 Importance: Normal cc: "Colin J. Raven" cc: Peter Risdon cc: FreeBSD Questions Subject: RE: Webmail Frontend to mailboxes. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 09 Jan 2005 06:23:47 -0000 > -----Original Message----- > From: Tabor Kelly [mailto:tkelly-freebsd-questions@taborandtashell.net] > Sent: Friday, January 07, 2005 11:54 PM > To: Ted Mittelstaedt > Cc: Peter Risdon; Colin J. Raven; FreeBSD Questions > Subject: Re: Webmail Frontend to mailboxes. > > > Ted Mittelstaedt wrote: > > > > > 5) many issues with getting Apache mod-SSL running properly with a > > self-signed > > key (you have to generate it manually with openssl, the apache > docs that > > say use make key or whatnot don't work) > > I am not doubting you that this was an issue. But it is now documented > quite nicely in the mod_ssl faq As I said, gotchas that were serious EARLIER ON. > (http://www.modssl.org/docs/2.8/ssl_faq.html). Also (as a side note), I > use CAcert (http://www.cacert.org) for my key signing needs. > Pointless for us, as CAcert's root certificate isn't included in I.E., so the end users have to go through the same honky-tonk to include it in their browsers as if you just make your own certs. We use self-signed certs for a great many production items - e-mail webinterface, account stats, imaps, etc. basically anything that a password would go over. Never had a customer have a problem inserting our self-signed cert into their browser, never had any complaints about it either. Only thing we don't do is take credit card#'s online - not because of the SSL issues, but because our credit card processing software is so old that we would either have to pay $500 for an update to it, or the bank requires us to only take #'s by phone or in person. So far nobody here has thought up a good enough reason to pay a bank $500 for new software just to be able to do this when the old software runs fine. We kind of feel that since the bank is saving money by not having to manually process a pack of CC paper slips, that we shouldn't be the ones paying for software to help the bank save itself money, you know? Maybe if it was some other vendor than a bank.... Ted