Https setup Question

TheMSsForum.com: The Microsoft Software Forum

I'd like to create a secure section on a simple website I'm working on
using IIS and ASP.NET.

My understanding is that I need to setup https on the website to do
this. And that this requires some kind of certificate saying my website
is who it claims to be. I don't really understand the process you go
thru to do all this. It seems that the only way to get one if these
certificates however is to request one from a CA and pay them for it.

Is this really necessary? Is there someway to just self sign my
certificate. Obviously I'm no authority so It's not very trust worthy
but it seems like overkill to use a real CA, but I don't know if I have
any other options.

Any help would be appreciated. Thanks.
Top

Re: Https setup Question by Bob

Bob
Tue Jan 04 22:09:36 CST 2005

A turbo SSL certificate from GODaddy is only $30. Optionally you can
install certificate services on your Windows 2003 server and self-issue a
certificate. The only downside to this is that people will get errors when
coming to your site.

If you are planning on taking this production, I would recommend the GODaddy
cert.
http://www.godaddy.com/gdshop/ssl/ssl.asp
https://products.secureserver.net/products/faq_secureturbo.htm#WhatisCert


<wackyphill@yahoo.com> wrote in message
news:1104850485.632959.161860@c13g2000cwb.googlegroups.com...
> I'd like to create a secure section on a simple website I'm working on
> using IIS and ASP.NET.
>
> My understanding is that I need to setup https on the website to do
> this. And that this requires some kind of certificate saying my website
> is who it claims to be. I don't really understand the process you go
> thru to do all this. It seems that the only way to get one if these
> certificates however is to request one from a CA and pay them for it.
>
> Is this really necessary? Is there someway to just self sign my
> certificate. Obviously I'm no authority so It's not very trust worthy
> but it seems like overkill to use a real CA, but I don't know if I have
> any other options.
>
> Any help would be appreciated. Thanks.
>


Top

Re: Https setup Question by AlokKumar

AlokKumar
Thu Jan 06 11:37:04 CST 2005

If you want a free server certificate then download the open SSL package and
then you can generate a server certificate for yourself. The downside is that
the users will get a message that the certificate authority is not recognized
but they can still get to the site and the transmission will still be
encripted.
You can also use this in production if you know the users. You can send them
the CA and they can install that in their browser and then they will not get
any error message. But if this site is for public use then you might be
better off buying a recognized server certificate for your production server.

Alok Kumar

"Bob Christian" wrote:

> A turbo SSL certificate from GODaddy is only $30. Optionally you can
> install certificate services on your Windows 2003 server and self-issue a
> certificate. The only downside to this is that people will get errors when
> coming to your site.
>
> If you are planning on taking this production, I would recommend the GODaddy
> cert.
> http://www.godaddy.com/gdshop/ssl/ssl.asp
> https://products.secureserver.net/products/faq_secureturbo.htm#WhatisCert
>
>
> <wackyphill@yahoo.com> wrote in message
> news:1104850485.632959.161860@c13g2000cwb.googlegroups.com...
> > I'd like to create a secure section on a simple website I'm working on
> > using IIS and ASP.NET.
> >
> > My understanding is that I need to setup https on the website to do
> > this. And that this requires some kind of certificate saying my website
> > is who it claims to be. I don't really understand the process you go
> > thru to do all this. It seems that the only way to get one if these
> > certificates however is to request one from a CA and pay them for it.
> >
> > Is this really necessary? Is there someway to just self sign my
> > certificate. Obviously I'm no authority so It's not very trust worthy
> > but it seems like overkill to use a real CA, but I don't know if I have
> > any other options.
> >
> > Any help would be appreciated. Thanks.
> >
>
>
>
Top

Re: Https setup Question by Bob

Bob
Thu Jan 06 21:58:59 CST 2005

Just to note...Windows certificate services is an integrated product and
does not require an additional license to utilize. Thus, it is also a
"free" feature.

Bob
"Alok Kumar" <AlokKumar@discussions.microsoft.com> wrote in message
news:6B8567DF-C64C-43B3-ACF1-886B30595A41@microsoft.com...
> If you want a free server certificate then download the open SSL package
and
> then you can generate a server certificate for yourself. The downside is
that
> the users will get a message that the certificate authority is not
recognized
> but they can still get to the site and the transmission will still be
> encripted.
> You can also use this in production if you know the users. You can send
them
> the CA and they can install that in their browser and then they will not
get
> any error message. But if this site is for public use then you might be
> better off buying a recognized server certificate for your production
server.
>
> Alok Kumar
>
> "Bob Christian" wrote:
>
> > A turbo SSL certificate from GODaddy is only $30. Optionally you can
> > install certificate services on your Windows 2003 server and self-issue
a
> > certificate. The only downside to this is that people will get errors
when
> > coming to your site.
> >
> > If you are planning on taking this production, I would recommend the
GODaddy
> > cert.
> > http://www.godaddy.com/gdshop/ssl/ssl.asp
> >
https://products.secureserver.net/products/faq_secureturbo.htm#WhatisCert
> >
> >
> > <wackyphill@yahoo.com> wrote in message
> > news:1104850485.632959.161860@c13g2000cwb.googlegroups.com...
> > > I'd like to create a secure section on a simple website I'm working on
> > > using IIS and ASP.NET.
> > >
> > > My understanding is that I need to setup https on the website to do
> > > this. And that this requires some kind of certificate saying my
website
> > > is who it claims to be. I don't really understand the process you go
> > > thru to do all this. It seems that the only way to get one if these
> > > certificates however is to request one from a CA and pay them for it.
> > >
> > > Is this really necessary? Is there someway to just self sign my
> > > certificate. Obviously I'm no authority so It's not very trust worthy
> > > but it seems like overkill to use a real CA, but I don't know if I
have
> > > any other options.
> > >
> > > Any help would be appreciated. Thanks.
> > >
> >
> >
> >


Top