On Mon, 10 Mar 2008, Joseph Norris wrote:
Questions:
Do I have to get an ssl certificate to make it work? ( cost ouch!) Is there a way around this using my own self-signed certificates? Is there a cheaper ssl certificate service?
When I was an admin at acm.jhu.edu, I had us use the free certificates for .edu hosts given out by ipsca.com. They were compatible and well-supported, and signed by the right authorities to have no error messages. (Except in some totally weird interaction with Mozilla, for which we opened a bug and which I *think* is fixed.) You can toy with https://secure.acm.jhu.edu/ and connecting via SSL'd IMAP to secure.acm.jhu.edu (port 993).
For my personal servers, I use the "RapidSSL" certificates sold by Geotrust. I can't seem to find the link for the vendor I use, but they seem to be widely resold for around $10-15 a year. The only serious complaint I can find on the web is that if you use their bulk purchasing option, be sure to read the fine print - your ability to use the bulk-purchased certificates goes away one year after you purchased them.
As for how to set them up, I always follow the Apache mod_ssl instructions and then use the certificates everywhere else on my system.
As for if any of this is truly "necessary," no idea. (-: I did it because I wanted SSL/TLS.
-- Asheesh.
-- It doesn't matter whether you win or lose -- until you lose.