SSL Security Certificate


jdlitson
08-02-2003, 08:26 PM
Hi,
can anyone recommend a good place to buy an inexpensive security cert?

Thanks for your time and help -Jason

DirectAdmin Support
08-02-2003, 09:00 PM
You could try www.instantssl.com... $49 bucks.
Anyone else have other suggestions/deals?

John

jdlitson
08-02-2003, 09:39 PM
Thanks John,
Do you know if the Instant SSL ($49) one would work as a shared SSL so my customers and resellers could also use it?

Thanks again.

DirectAdmin Support
08-02-2003, 10:04 PM
You would just put it as the server's main certificate:

/etc/httpd/conf/ssl.crt/server.crt
/etc/httpd/conf/ssl.key/server.key

This can be done from any domain using an Admin user. Admin users will only change the server's certificate, so adding the new values there will change it for everyone using the server.. or you can just do it manually :).

Your other websites would still get a SSL popup in their browsers, because the hostname wouldn't match, but it would still show your information in the cert.

John

Ryan
08-03-2003, 11:25 PM
Originally posted by DirectAdmin Support
Anyone else have other suggestions/deals?

John

RackShack sells GeoTrust QuickSSL certs for $39. I've only used them once before but it's only $39 and they were great when I lost my RSA private key *oops* and quickly refunded my old certificate and issued a new one (within 7 days).

The Prohacker
08-03-2003, 11:46 PM
I would personally go with the great deal RS has on certs.. They are true Geotrust certs for only $39...

You can get other lower accepted certs for a bit less:
http://certs.ipsca.com/PRODUCTS/pricing.asp
http://www.freessl.com/

ProWebUK
08-04-2003, 08:32 AM
rackshack now offer them at $25... try and beat that :)

jlasman
08-04-2003, 10:00 AM
Originally posted by ProWebUK
rackshack now offer them at $25... try and beat that :)
Tried. Can't :( . I always thought I was the lowest-priced cert provider, but now I know I'm not.

I'm curious, so this is a request to anyone with a RackShack cert: please let me know your URL; I want to see if RackShack's name is hidden in your cert.

Don't worry, I won't try to hack your system, download your cert or anything similar; I'll just look at your cert details in my browser and examine all the fields.

You can do it yourself if you know how to check all the cert fields.

Jeff

ProWebUK
08-04-2003, 10:08 AM
just checked one (cant provide URL) and there is no rackshack there at all

Chris

jlasman
08-04-2003, 11:14 AM
Thanks.

Since they charge less than I get them for, I think I'm going to go ahead and buy one the next time I need a cert for one of my own domains; I'll try it out for browser ubiquity and for ease of installation.

Maybe I should make arrangements with GeoTrust similar to those I now have with Comodo (to resell their certs for less than they sell them for).

Jeff

The Prohacker
08-04-2003, 01:23 PM
Originally posted by jlasman
I'm curious, so this is a request to anyone with a RackShack cert: please let me know your URL; I want to see if RackShack's name is hidden in your cert.

https://provos.modernhosting.net

I installed a geotrust cert on that server that was bought from RS..


Originally posted by jlasman
Thanks.

Since they charge less than I get them for, I think I'm going to go ahead and buy one the next time I need a cert for one of my own domains; I'll try it out for browser ubiquity and for ease of installation.

Maybe I should make arrangements with GeoTrust similar to those I now have with Comodo (to resell their certs for less than they sell them for).

Jeff


Really you're not gonna get a great deal from GeoTrust.. In fact I think RS sells the certs at a major loss just to bring traffic in.. Which seems to work :D

jlasman
08-04-2003, 03:27 PM
Thanks, Prohacker.

There's no RackShack info anywhere on the cert; it's an excellent buy at the price :) .

From looking at their site it doesn't look as if you have to host with them to get the price, so I'm not sure why they'd do a loss-leader.

In any event, I haven't decided yet whether to contact GeoTrust; they've been in touch with me before; they wanted me to sell their product when I first signed up with Comodo.

Again, thanks!

Jeff

ProWebUK
08-04-2003, 03:49 PM
you dont need to be a RS customer to purchase the certs :) and even with a partnership i doubt you will match the price that RS supply them at.... im sure RS have a huge contract with geotrust and are providing geotrust with lots of money to get them at that price...

jdlitson
08-04-2003, 05:09 PM
Wow and I thought 50 bucks was a great deal!
It's unbelievable the prices Verisign charges!
I'm so happy I asked this question here.

Thanks everyone -Jason

jlasman
08-04-2003, 05:15 PM
Originally posted by ProWebUK
im sure RS have a huge contract with geotrust and are providing geotrust with lots of money to get them at that price...
Yes, but are you sure that we're not buying a lot of certs from Comodo :) ?

We are.

Jeff

jlasman
08-04-2003, 05:18 PM
Originally posted by jdlitson
Wow and I thought 50 bucks was a great deal!
It is, Jason. It's just that the RackShack deal is a better one :) .

From the price you mentioned, my guess is you're buying InstantSSL certs from Comodo. We've been reselling their certs for some time now and we're quite happy with them. If you set yourself up as a reseller you'll get a better price from them, but certainly not $25.

Jeff

The Prohacker
08-04-2003, 06:11 PM
Originally posted by jlasman

From looking at their site it doesn't look as if you have to host with them to get the price, so I'm not sure why they'd do a loss-leader.


You don't have to host with them to get the cert at that cost... They would normally sell them at a loss to just bring traffic into their site.. Hey.. When you're there buying a cheap cert you would see that they also offer very cheap prices on servers too :D

RS is known for under cutting anyone and everyone in the market.. And that's what they are good at.. And everything they provide that I've ever bought from them is excellent quality... When Robert says no one can beat them.. He's right :D

jdlitson
08-04-2003, 09:59 PM
Yes, it is a great deal Jeff.
The only thing that has stopped me from buying the $50 cert is that I still need to update my OpenSSL.
Looks like that's going to be a pain (for a beginner).

I am wondering now if the OpenSSL is good software?
Perhaps it would save time to use another SSL software so I don't have to keep fixing the OpenSSL holes.

Is there anything else that would be better security wise and still low cost? Does everyone here use OpenSSL?

I am assuming that OpenSSL would still need to be installed even though we buy a signed Cert?

-Jason :rolleyes:

ProWebUK
08-05-2003, 03:10 AM
Originally posted by The Prohacker
everything they provide that I've ever bought from them is excellent quality... When Robert says no one can beat them.. He's right :D

couldn't agree more :D

jlasman
08-05-2003, 07:28 AM
Originally posted by jdlitson
The only thing that has stopped me from buying the $50 cert is that I still need to update my OpenSSL.
Looks like that's going to be a pain (for a beginner).
I'm presuming you're using a Red Hat system, based on RPMs. I'd be quite surprised if you don't have it installed. If you don't, then you should just get the most recent RPMs for your system from Red Hat and install them with:

# rpm -Uvh <rpm-file-name.rpm>

The RPM won't install if there are any dependencies, so you can then make a decision to install the dependencies.

Personally I use apt-rpm to keep a lot of systems up-to-date. We haven't any live DirectAdmin systems yet, but I'm going to try updating a test DirectAdmin system in the next few days and I'll let you know how it went.

apt-rpm should not hurt anything, it will only update packages that have the same name and main version number. But don't install it without the go-ahead from Mark, as I can't guarantee anything.

Originally posted by jdlitson
I am wondering now if the OpenSSL is good software?
I don't even know anyone who isn't using it for SSL on Red Hat Linux. Imho it's at least as secure as any other SSL implementation.

A few years ago, when the SSL code was still proprietary, Red Hat licensed the code and sold a secure server that just plugged into Red Hat Linux; it worked fine and plugged in easily. But it was much more complex than just installing SSL as part of Red Hat install as we do today.

Originally posted by jdlitson
Perhaps it would save time to use another SSL software so I don't have to keep fixing the OpenSSL holes.

Is there anything else that would be better security wise and still low cost?

Most of us are probably using mod_ssl, which uses OpenSSL <http://www.modssl.org/>.

There's an alternative apache product, Apache-ssl <http://www.apache-ssl.org/> but I don't know anyone using it, and it does not get installed as part of the Red Hat install.

I'd recommend, especially for anyone using a server administration package (such as DirectAdmin, Plesk, CPanel, etc.), and certainly for newbies, that you stick with officially supported packages; otherwise you're completely on your own when it comes to support.

Originally posted by jdlitson
Does everyone here use OpenSSL?
I can't speak for others, but I'd be quite surprised if anyone was using any other implementation with DirectAdmin.

Originally posted by jdlitson
I am assuming that OpenSSL would still need to be installed even though we buy a signed Cert?
Yes. The certificate merely identifies your website and enables the encrypted data transfer.

Jeff

jdlitson
08-05-2003, 05:28 PM
Wow,
Thanks Jeff, for all the great information.
I really appreciate it.

I was surprised to see that security software such as SSL had security problems, but on the other hand even software you pay good money for has security holes. Guess that's just the nature of writing thousands of lines of code.

Thanks again for your help -Jason

jlasman
08-05-2003, 06:11 PM
Thank you, Jason...

I'm going to tell you my secret <smile>...

Years ago I sold my share of a small hosting company, and started a new one. I rented a Cobalt RaQ2 (it was a while ago :) ).

I knew a lot about Linux then (I know even more now) but didn't know anything about the Cobalt RaQ gui interface, so I joined the Cobalt mailing list.

Soon I became the "one eyed king in the valley of the blind" and started helping other people on the list; it seemed that with my background in Unix and Linux, learning the Cobalt interface was a piece of cake.

And now my business is 90% supporting other hosting companies with products and services and 10% hosting customers myself.

I've never advertised my business. I just work hard to be as helpful as I can on the mailing list, and people read the list, and when they need work done, they call on me :) .

So I've decided to be as helpful as I can be on this forum as well :) .

Jeff

jdlitson
08-06-2003, 05:14 PM
Great idea Jeff, and also very thoughtful of you.
I have also found that you tend to learn more and faster when you teach others. So it's a win win situation and if you can get some work from it then it pays off double.
I will also do my best to contribute on this forum and hope many others will do the same.

Have a nice day -Jason :D

Paris
08-28-2003, 08:56 PM
Can you please tell me how I can get a cert from Radio Shack?

Thanks

ProWebUK
08-29-2003, 05:22 AM
radio shack???? you may find they dont sell em ;)

rackshack.net homepage on the right :D

Arkansas
10-16-2003, 05:47 PM
Originally posted by The Prohacker
https://provos.modernhosting.net

I installed a geotrust cert on that server that was bought from RS..
:D

I know this is an older post but I just bought a $25 Rackshack GeoTrust cert to go on my site (https://www.artronix.biz). However, when you access my secure site there is a popup security alert that states that the CA Root Certificate is not trusted. I didn't get this when I visited your secure site. Any suggestions on how to solve this?
I contacted Rackshack but they basically said that for that price they could not provide support. I have also contacted GeoTrust and am awaiting their reply.
Thanks.
Craig

UltimeWWW
10-17-2003, 06:45 AM
You didn't install your certificate. This one is self-signed.
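
The checks this exchange turns on (is the installed certificate self-signed, does it pair with the installed key, which hostnames does it cover), as an added example that is not part of any post. The default paths are the ones given earlier in the thread; the sample certificates, the CA name and the hostnames are constructed with openssl for the demo.

```sh
#!/bin/sh
# Added example, not from the thread. Needs OpenSSL 1.0.2 or later (-checkhost).
# Default paths are the ones given earlier in the thread.
CRT=${CRT:-/etc/httpd/conf/ssl.crt/server.crt}
KEY=${KEY:-/etc/httpd/conf/ssl.key/server.key}

# 0 when issuer == subject: the cert vouches for itself, so browsers warn.
# 2 when the file cannot be parsed.
cert_is_self_issued() (
    s=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || exit 2
    i=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || exit 2
    [ "$s" = "$i" ]
)

# 0 when the private key belongs to the certificate (identical public halves).
cert_matches_key() (
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 2
    [ "$c" = "$k" ]
)

# 0 when the cert's names cover the hostname. A shared server cert fails this
# for every customer domain except the one it was issued to.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# report CRT KEY [hostname...]: print fields and findings,
# return the number of problems found.
report() {
    crt=$1; key=$2; shift 2; n=0
    openssl x509 -in "$crt" -noout -subject -issuer -dates ||
        { echo "cannot read $crt" >&2; return 99; }
    if cert_is_self_issued "$crt"; then
        echo "WARN issuer equals subject: self-signed, not the purchased cert"
        n=$((n + 1))
    fi
    if ! cert_matches_key "$crt" "$key"; then
        echo "WARN private key does not belong to this certificate"
        n=$((n + 1))
    fi
    for h in "$@"; do
        if cert_covers_host "$crt" "$h"; then
            echo "ok   $h"
        else
            echo "WARN $h: hostname mismatch, visitors get a browser popup"
            n=$((n + 1))
        fi
    done
    return "$n"
}

# Constructed sample data: a self-signed default-style cert, a throwaway CA,
# and a cert that CA issues for www.example.com. Prints the temp directory.
make_sample() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=localhost.localdomain" \
        -keyout "$d/self.key" -out "$d/self.crt" 2>/dev/null || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.com" \
        -keyout "$d/site.key" -out "$d/site.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/site.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/site.crt" 2>/dev/null || return 1
    echo "$d"
}

if [ -r "$CRT" ] && [ -r "$KEY" ]; then
    # Real server: pass the hostnames served over SSL as arguments.
    report "$CRT" "$KEY" "$@" || true
else
    demo=$(make_sample) && {
        echo "== self-signed cert left in place, new key installed =="
        report "$demo/self.crt" "$demo/site.key" www.example.com || true
        echo "== CA-issued cert shared with a customer domain =="
        report "$demo/site.crt" "$demo/site.key" \
            www.example.com customer.example.net || true
        rm -rf "$demo"
    }
fi
```

Run on the server with the SSL hostnames as arguments to check the installed pair; where the default paths are not readable it falls back to the constructed sample.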

ProWebUK
10-18-2003, 05:03 AM
Originally posted by Arkansas
I contacted Rackshack but they basically said that for that price they could not provide support.

Make sure you have set it up correctly first, once you are sure speak to RS and tell them it's THEIR problem and they need to get it sorted. Good price or bad price the cert should not be issued by yourself and you should have no warning pop-up like that.

Make sure you get it fixed through RS, they are the ones that will be able to help you :)

Chris

thoroughfare
10-31-2003, 09:43 AM
How do I update mod_ssl to the latest version?

Cheers,
Matt :)

ProWebUK
10-31-2003, 10:07 AM
rpmfind.net
modssl.org

Chris

thoroughfare
10-31-2003, 10:09 AM
Thanks :)

interfasys
11-04-2003, 07:18 PM
A rackshack cert only does a basic domain check before giving you a cert. This is enough to protect a control panel, but is not recommended imo to protect a secure order form or a shopping cart.

The pricier certs will check that you have a registered business and some even offer a warranty that covers your transaction.

jlasman
11-04-2003, 08:49 PM
First of all, let it be known that I neither use nor recommend RackShack certs, but mostly because I resell someone else's :) and have been for several years.

Second let me point out my point of view about the guarantee and the so-called "registered business" you write about...

I, too, used to buy certs from one of the big guys (in fact from Verisign, and they certainly weren't cheap).

But let's consider the certs we buy... we either buy certs for ourselves or for our customers.

If we're buying a cert for ourselves we know if we're in business or not; we don't have to prove it to anyone.

And the guarantee doesn't protect us at all; it protects our customer under one very limited circumstance (please read the fine print and you'll see what I mean)...

The guarantee on the cert we buy only protects our customer if we're NOT who we say we are. In other words, if I say I'm (for example only) DirectAdmin, and I get a cert in DirectAdmin's name, and put that cert on an imitation DirectAdmin website, and somehow manage to trick DirectAdmin customers into logging into my site, and I take money from them under false pretenses, then whoever I took money from will have the money refunded to them under the guarantee.

BUT... and it's a very important but...

If I buy a cert with a $100,000 guarantee, and someone else spoofs my domain and buys a cheap cert without a warranty to protect it... my customer doesn't get anything from the issuer of that cert (because there was no warranty), or the issuer of my cert (because my cert wasn't involved in the transaction).

So no matter how much extra I pay for a cert, my customer gets nothing as long as they end up on my website and I fill my promises. In fact, since the warranty is only that I am who I say I am, there's no benefit to either me or to my customer no matter how high a guaranty I have on the cert I buy.

When I buy a cert for my client, presumably I know they're a business, because I'm doing business with them.

If you really need to know if your client is a real business or not (and remember you don't have to be a business to buy a cert), you should have them pay you by a company check. Presumably if they have a company check they've been able to prove to their bank that they're a business.

The important thing is to make sure that the person who buys the cert for a given website actually has control over that website; we check whois records to see who owns the website, and we contact them at the address listed in the whois record, and wait until we get a reply, before we order the cert for our client.

The vendor who I resell offers certs at different prices, with and without warranty, and no one has ever bought a cert with a warranty from us.
Note that I am not a lawyer, and I recommend you read the warranty carefully yourself and have your attorney review it, before you decide if it's worth extra money to your company to buy a cert with a warranty.

Jeff

interfasys
11-04-2003, 09:45 PM
I'll try to answer bit by bit
Originally posted by jlasman
If we're buying a cert for ourselves we know if we're in business or not; we don't have to prove it to anyone.

In this case we could just use a self-signed certificate, right? It has the same strength, but is not validated by a third party.

jlasman
11-04-2003, 09:51 PM
The only reason to not use a self-signed cert is that your visitor will see a warning that the cert is self-signed.

Most people don't understand warnings so they'd be confused.

Most people have no idea the purpose of a cert is to validate identity; they presume it's to protect data privacy.

(Actually it does both but the original point of it was to validate identity.)

Jeff

interfasys
11-04-2003, 09:54 PM
Originally posted by jlasman
The guarantee on the cert we buy only protects our customer if we're NOT who we say we are. In other words, if I say I'm (for example only) DirectAdmin, and I get a cert in DirectAdmin's name, and put that cert on an imitation DirectAdmin website, and somehow manage to trick DirectAdmin customers into logging into my site, and I take money from them under false pretenses, then whoever I took money from will have the money refunded to them under the guarantee.

Exactly, so a consumer who sees a warranty will feel safe, because if the site is bogus, he will get his money back.

One point for warranties ;)


Originally posted by jlasman
If I buy a cert with a $100,000 guarantee, and someone else spoofs my domain and buys a cheap cert without a warranty to protect it... my customer doesn't get anything from the issuer of that cert (because there was no warranty), or the issuer of my cert (because my cert wasn't involved in the transaction).

If our website has a warranty and if we educate users to only trust websites that get certificates from companies that actually verify the identities, then there is no problem with a spoof domain. There is no way they will get the cert with warranty.

Another point for warranties.

interfasys
11-04-2003, 10:01 PM
Originally posted by jlasman
When I buy a cert for my client, presumably I know they're a business, because I'm doing business with them.

If you really need to know if your client is a real business or not (and remember you don't have to be a business to buy a cert), you should have them pay you by a company check. Presumably if they have a company check they've been able to prove to their bank that they're a business.

The important thing is to make sure that the person who buys the cert for a given website actually has control over that website; we check whois records to see who owns the website, and we contact them at the address listed in the whois record, and wait until we get a reply, before we order the cert for our client.

Actually I don't do all those checkings. If the customer wants a cert with warranty, then my cert provider does all the checking for me. If my customer wants the basic cert, then he will get one as long as he doesn't sell anything on the web with it. Premium certs are not only about security and warranty, but also about marketing imo.

interfasys
11-04-2003, 10:04 PM
Originally posted by jlasman
The only reason to not use a self-signed cert is that your visitor will see a warning that the cert is self-signed.

Most people don't understand warnings so they'd be confused.

Most people have no idea the purpose of a cert is to validate identity; they presume it's to protect data privacy.

(Actually it does both but the original point of it was to validate identity.)

Jeff

I didn't understand you then. If you deal with unknown customers from the web, they probably don't know much about you.

I'm always talking about Premium certs for e-commerce or such, not to secure a cp.

DirectAdmin Support
11-04-2003, 11:36 PM
Hello,

Great news. This evening a client asked me about CARootCertificates in DA... so I decided to quickly have a look. It was quite simple to add, so it's already coded and will be available for 1.197 :D:D I've tested it with this server temporarily, and woohoo! no popup! :D

For all SSL people, you just need to add:
carootcert=/full/path/to/carootcert

in your directadmin.conf file. You can probably do it now, then it will be instantly active when DA is updated (assuming you use ssl :))

John

jlasman
11-05-2003, 07:27 AM
Originally posted by interfasys
Exactly, so a consumer who sees a warranty will feel safe, because if the site is bogus, he will get his money back.
Sounds reasonable...

But how does the end customer (your site's customer) know about the warranty? S/he knows about it because there's a seal on the site.

While every forgery I've seen so far is an exact copy of the original site, including any images. Including any warranty seal images.

The forger can even forge an active site seal; that's one that in real time will verify the referring site is who you think it is.

Originally posted by interfasys
If our website has a warranty and if we educate users to only trust websites that get certificates from companies that actually verify the identities, then there is no problem with a spoof domain.
You're writing about educating casual visitors to your site, and to your client's sites. How do you educate them to click on their browser certificate icon? eBay and PayPal have been trying for years, and their sites are (by my experience anyway) the most spoofed on the Internet.

Originally posted by interfasys
There is no way they will get the cert with warranty.

They don't need to. The site visitor overwhelmingly doesn't know about warranties.

And in my experience they don't care. I first asked this question for a column I wrote years ago. Everyone polled said the purpose of a cert was to encrypt data; no one (without exception) said it was to assure identity.

Today perhaps there'd be a few.

Yet our experience in selling certs is that only one client has bought a "name-brand" cert; a Credit Union (that's a form of bank, for those of you outside of the US who may not understand the term).

Believe me I'd love to sell certs with warranties; we make significantly more when we do :) . But clients don't seem to think the warranties are valuable.

This is going to be my last post on this subject; it's quite off-topic for this forum.

Jeff

jlasman
11-05-2003, 07:33 AM
Originally posted by DirectAdmin Support
Great news. This evening a client asked me about CARootCertificates in DA... so I decided to quickly have a look. It was quite simple to add, so it's already coded and will be available for 1.197 :D:D I've tested it with this server temporarily, and woohoo! no popup! :D

I'm a bit confused; the Secure Cert installation page for my clients has always included this line:

Click Here to paste a CA Root Certificate

What does that mean, if not that you use it to install a CA Root Certificate?

Thanks.

Jeff

DirectAdmin Support
11-05-2003, 09:32 AM
Hi Jeff,

In this case, I'm not referring to apache CA certs, but rather DA CA certs through SSL port 2222. :)

John

thoroughfare
11-05-2003, 09:44 AM
I personally think that the only thing matters really is that the certificate does its job: and that's to secure the connection.

As long as it's secure, I'm happy :D

Matt

DirectAdmin Support
11-05-2003, 12:35 PM
Agreed, this was just a cosmetic feature.

You'll also like to hear that image caching is now working so ssl pages should load almost instantly (1.197). I also changed the location in the code where the certs are loaded, so instead of loading them once per request(which is quite inefficient), it loads them at startup only. These 2 things will *greatly* increase the speed of page loads :).

John

interfasys
11-05-2003, 09:07 PM
Originally posted by jlasman
While every forgery I've seen so far is an exact copy of the original site, including any images. Including any warranty seal images.

The forger can even forge an active site seal; that's one that in real time will verify the referring site is who you think it is.

Very valid point....The fake site could even create his own brand of logos, Joe Average wouldn't know if those are valid or not.

Anyway, thanks for sharing your point of view. I think I'll conduct a local survey ;)

interfasys
11-05-2003, 09:10 PM
And back to the topic...Great news John!

ProWebUK
11-22-2003, 03:11 PM
Jeff, i think you will be quite shocked by this!

ChainedSSL / 128bit - $10 +tax :eek:

http://www.ev1servers.net/english/chainedssldetails.asp

jlasman
11-22-2003, 04:06 PM
No, I'm neither shocked nor surprised... ev1 has been selling chainedssl certs from GeoTrust for some time as a loss-leader for a while now. It's only natural they'd start selling freessl certs as well. Either cert costs them about the same, since the freessl cert they resell sells for $49 and they sell it for $25, and the freessl cert sells for $35, and they sell it for $10.

And GeoTrust has been fighting with and lying about Comodo for some time now; for example they argue that Comodo doesn't include support, but in fact Comodo publishes a toll-free U.S. telephone number and the operator puts you through to a UK support technician in seconds.

GeoTrust directs you to read about what it calls serious problems with Comodo at the SSL Review (www.sslreview.com) website.

SSL Review claims to be an impartial reviewer of SSL cert companies, but in fact is owned by the same person who owns GeoTrust. So it's no wonder they spend most of their time and space badmouthing Comodo. They disparage future availability of the Baltimore root Comodo uses although there's NO direct evidence it will ever become unavailable.

They point out that spammers have spoofed them and that they don't spam even though people have got spam directing them to the GeoTrust site. But they also claim that Comodo does spam, yet the copy of the spam they post on their site doesn't include headers so those of us who know how to trace spam can't possibly tell if it came from Comodo, or if it was spoofed.

These two companies continue to go after the low-priced market. Comodo has never disparaged GeoTrust; GeoTrust continually disparages Comodo. Frankly, I went with Comodo at least in part because I couldn't, after knowing GeoTrust's business practices, ever go with them.

Fwiw, if you check any of the geotrust websites you'll see the whois lists the owner at an emory.edu address. Kind of makes me wonder if he's stealing Emory University resources to run his company.

What I am annoyed by (this is again back about ev1) is that they say they'll add sales tax to each purchase.

While ev1 is located in Texas, and while Texas does apply sales tax to software purchases delivered electronically, ev1 is not permitted by law to collect Texas sales tax for items delivered outside of Texas.

And even if they are a California merchant registered with the California State Board of Equalization, California does NOT collect sales tax for software delivered electronically.

Perhaps I should buy one, and then report them to the California State Board of Equalization.

:)

Jeff

interfasys
11-22-2003, 04:09 PM
I've always wondered if it was legal for companies in Texas or Florida to add sales tax to items sold to international customers.

jlasman
11-22-2003, 04:33 PM
That possibly is legal, as the prohibition is Constitutional, which protections don't apply to non-US citizens outside the US.

California and Florida law both require that if sales tax is collected it must be paid to the state. Florida lets the collector keep some as a commission, California does not.

I'm in business in California; my brother is in business in Florida, so I know the laws of both these states.

I've been in business in Texas in the past, but it was almost 30 years ago, and I don't know the sales tax law there anymore. I do know they charge sales tax on intangibles delivered over the 'net, though.

BTW, I've edited my post since you read it :) .

Jeff

tyallred
12-15-2003, 01:19 PM
Their site was down all weekend in preparation for this announcement.

$19.95 for chained certs
$49.00 for quickssl certs

ProWebUK
12-15-2003, 01:58 PM
And RHEL servers for the same price as plain redhat starting 01/01/04

Cant say a dual xeon 2.0GHz with 2x73GB SCSI HD's 1GB of ram with RHEL and 13+ GigE connections linked up isnt bad for $199 / month.

I will take 2 :D

and the SSL prices are still most definitely undercutting many of its competitors still, can you find geotrust SSL less than $49 and chained for $19?

Chris

jlasman
12-15-2003, 02:11 PM
Originally posted by ProWebUK
Cant say a dual xeon 2.0GHz with 2x73GB SCSI HD's 1GB of ram with RHEL and 13+ GigE connections linked up isnt bad for $199 / month.
We have no problem with those who sell their products for less; after all no one better than they know what their product is worth :) .

Originally posted by ProWebUK
13+ GigE connections linked up
What do you mean by "linked up"? They, like the rest of the Internet, advertise their lowest-cost connections with the highest priority, and also use their lowest-cost connections as the highest priority outgoing.

The majority of their traffic in the past has always gone through connections that many ISPs consider to be slow and unreliable, but of course their willingness to advertise and use higher-cost routes when necessary makes up for that quite a bit.

Originally posted by ProWebUK
I will take 2
You'd better make sure first that DA will run on them :) .

Jeff

The Prohacker
12-15-2003, 02:15 PM
Originally posted by jlasman
We have no problem with those who sell their products for less; after all no one better than they know what their product is worth :) .

What do you mean by "linked up"? They, like the rest of the Internet, advertise their lowest-cost connections with the highest priority, and also use their lowest-cost connections as the highest priority outgoing.

The majority of their traffic in the past has always gone through connections that many ISPs consider to be slow and unreliable, but of course their willingness to advertise and use higher-cost routes when necessary makes up for that quite a bit.

You'd better make sure first that DA will run on them :) .

Jeff


They have quite a few very good links..
http://www.ev1servers.net/english/aboutus/networks.asp

Even the 10mbit deals are no longer cogent only and are on their BGP4 network.. So all traffic is routed based on BGP4 metrics not the cost of the server...

I have a 150/month server from them and the network is great.. I've pulled 80mbit from it once..

And they do offer plain Redhat servers, which can have DA installed on them :D

interfasys
12-15-2003, 02:19 PM
Don't forget the "+ TAX" everywhere =)

Those new prices seem nice, can't wait to see the servermatrix counter attack, they can't be beaten for the lower end servers, including management.

ProWebUK
12-15-2003, 02:24 PM
We have used them for close to a year now, nothing can beat the service they provide at the cost they provide it, and it keeps on getting better and better :D

jlasman
12-31-2003, 08:35 AM
You wrote:
Even the 10mbit deals are no longer cogent only and are on their BGP4 network.. So all traffic is routed based on BGP4 metrics not the cost of the server...

I stand by the first line of my previous post, and also point out that the system in question is quoted at $249, which is still a good price on the face of it.

I suppose you're saying that "cost" isn't a programmable BGP4 metric. I'm not a BGP guru, but I just called my network specialist and he advises me that BGP can certainly take it into account. All I know is the cost of some of the networks they use far exceeds the prices they charge. For example, they offer a Xeon server with 1200GB of monthly transfer for $249. That's 2.4 T-1 connections running full time at full speed for an entire month.

Of their 10 mbps connection servers, the only one available is Cogent only, for $349.

Looking at the others, starting at $399, I doubt they'd use others (besides Cogent) more than occasionally; my cost for 10 mbps connections, inside a Class A carrier-neutral datacenter (where we get the best pricing because of competition), is almost 7 times that.

You also wrote:
I have a 150/month server from them and the network is great.. I've pulled 80 mbit from it once..
You managed to pull the equivalent of almost 3 T-3 lines from them? That's quite impressive, though a bit hard to believe. Did you see that number from their monitor page, or from your own system?

Nevertheless, I was very heartened by the response to this thread, and decided to look into using ev1 for our main list-server for our mailing list business and a slave DNS server.

Lest you think this is a rant, I assure you that I don't mean it to be; I mean it to be an explanation of why I felt I couldn't use one or more of their rental servers. I really wish I could use some of their systems; at first glance their prices look quite reasonable.

The problems I ran into were (in no particular order but as I think of them):

* Lack of availability and misleading advertising. For example this morning (New Year's Eve, still 2003) looking at Intel Celeron Server Series, the home page says 91 servers available from $99/month, but clicking on and going to the page, there are only two servers available, one a Compaq DL320 with Ensim WEBppliance 3.1 for $129, and one a Compaq DL320 with RHL 9 at $119. Mind you I have no problem with the DL320; I have one less than three feet from me as we speak, but where are those other 89 servers I can choose from? While I understand it may not be the easiest thing for them to update the page, I don't see any for $99, and only two available at all, not 91, and I think that's a bit misleading.

* No software updates once the operating system is installed. They supply out-of-the box RHL, of the version ordered; updating it to secure it is entirely up-to-you. From speaking with tech support it appears as if their sole "fix" available is to restore the system.

* Inefficient use of hard disk space. Your mileage may vary, but for me, I find it quite inefficient that they offer dual 60-gig drive systems but they won't set them up for software RAID. I don't need 120 gigabytes of space near as much as I need the protection of RAID. They do offer RAID on their Dual Xeon systems beginning at $349/month (only with CPanel and RHL9), but both are sold out. (They're also a bit higher priced than I'd like.)

* No customization of setup available. For example, their tech support tells me they only build linux servers with one partition scheme: a boot partition, a swap partition equal to 2x the memory, and the rest of the drive. While linux beginners and desktop users can get away with that (my desktop Linux systems are built that way), most experienced admins know that partitioning gives you lots of advantages, including flexibility with quotas, the ability to prevent hacks by loading your non-changing partitions as readonly (to prevent hackers from replacing your software with their own), and protection from runaway services filling your drives and making it impossible for you to log in.

Now some of these failures you can resolve yourself (you can keep the systems updated yourself, for example), but for me they just don't work.

My main concern is RAID. I don't run systems without RAID.

While it's no secret I have my own facilities, I need geographic dispersement (especially for DNS) and I do need to colocate in, or rent from, other locations for that.

I've found RAID-enabled servers, high speed processors and 1 Gig of RAM, with customized OS install, customized Memory size and other customization available, as well as software update service, at much lower prices than ev1 charges for their more sophisticated offerings.

To bring the thread back on topic, we remain happy with reselling Comodo certs, and I believe you will be, too.

If there's to be any more discussion on colocation and rental systems, we should probably move it to a different forum, perhaps even "Off-Topic", or perhaps to webhostingtalk.

Jeff

ProWebUK
12-31-2003, 03:22 PM
Originally posted by jlasman
* Lack of availability and misleading advertising. For example this morning (New Year's Eve, still 2003) looking at Intel Celeron Server Series, the home page says 91 servers available from $99/month, but clicking on and going to the page, there are only two servers available, one a Compaq DL320 with Ensim WEBppliance 3.1 for $129, and one a Compaq DL320 with RHL 9 at $119. Mind you I have no problem with the DL320; I have one less than three feet from me as we speak, but where are those other 89 servers I can choose from? While I understand it may not be the easiest thing for them to update the page, I don't see any for $99, and only two available at all, not 91, and I think that's a bit misleading.

Go into live support and speak to sales, I have seen them put out servers on request previously and I'm fairly sure you would get what you want. I know at the moment they are trying to slow down sales until the new datacentre is ready (expected April 2004). Also, make sure you consider the fact they are expecting to release RHEL and FBSD *VERY* soon.

Originally posted by jlasman
* No software updates once the operating system is installed. They supply out-of-the box RHL, of the version ordered; updating it to secure it is entirely up-to-you. From speaking with tech support it appears as if their sole "fix" available is to restore the system.

OS updates are a bit of a pain, they are obviously possible at your own risk but the moment you install your own software etc the task becomes difficult. Don't forget they are 100% totally unmanaged servers although I will confirm that they will often check problems you have which are totally unsupported and even go into your box investigating upon request in most cases. For OS updates (pretty much the one thing we can't do ourselves or don't *want* to do) we get an equivalent server then transfer all data..... it's usually a VERY simple process since everything is virtually the same apart from the OS, this changes if you move panels etc though

Originally posted by jlasman
* Inefficient use of hard disk space. Your mileage may vary, but for me, I find it quite inefficient that they offer dual 60-gig drive systems but they won't set them up for software RAID. I don't need 120 gigabytes of space near as much as I need the protection of RAID. They do offer RAID on their Dual Xeon systems beginning at $349/month (only with CPanel and RHL9), but both are sold out. (They're also a bit higher priced than I'd like.)

Again, as above don't forget they are planning to offer RHEL and FBSD *VERY* soon, this could be one of the reasons although I advise you to contact sales regarding this if you want 1 immediately :) ...

Originally posted by jlasman
* No customization of setup available. For example, their tech support tells me they only build linux servers with one partition scheme: a boot partition, a swap partition equal to 2x the memory, and the rest of the drive. While linux beginners and desktop users can get away with that (my desktop Linux systems are built that way), most experienced admins know that partitioning gives you lots of advantages, including flexibility with quotas, the ability to prevent hacks by loading your non-changing partitions as readonly (to prevent hackers from replacing your software with their own), and protection from runaway services filling your drives and making it impossible for you to log in.

You can always repartition your drives and change your setup as you wish, the only difference is you have to spend a bit of time doing it :)


Originally posted by jlasman
I've found RAID-enabled servers, high speed processors and 1 Gig of RAM, with customized OS install, customized Memory size and other customization available, as well as software update service, at much lower prices than ev1 charges for their more sophisticated offerings.

With the dual xeons you can add memory up to 4GB, they, I would say are fast enough processors for most users and also have RAID.

Originally posted by jlasman
If there's to be any more discussion on colocation and rental systems, we should probably move it to a different forum

Who would have thought of that :p will split the topic now.

Chris

ProWebUK
12-31-2003, 06:39 PM
Any further discussions regarding server rental / co-lo can now be continued in the thread located at:

http://www.directadmin.com/forum/showthread.php?s=&threadid=1553

Chris

Seth
01-13-2005, 12:22 PM
Originally posted by DirectAdmin Support
Hello,

Great news. This evening a client asked me about CARootCertificates in DA... so I decided to quickly have a look. It was quite simple to add, so it's already coded and will be available for 1.197 :D:D I've tested it with this server temporarily, and woohoo! no popup! :D

For all SSL people, you just need to add:
carootcert=/full/path/to/carootcert

in your directadmin.conf file. You can probably do it now, then it will be instantly active when DA is updated (assuming you use ssl :))

John

Worked great! thanks

e-view
01-13-2005, 06:30 PM
Try these ones
http://www.cacert.org/
www.aimencrypt.com
http://www.freessl.com/ssl-certificate/free-certificate-thawte.html

jlasman
01-13-2005, 07:50 PM
Originally posted by e-view
http://www.cacert.org/
This cert is based on an untrusted root; your visitors will get the same kind of popup they do if you issue your own self-signed cert.
www.aimencrypt.com
Unless I'm reading something wrong these certs are only for AIM.
http://www.freessl.com/ssl-certificate/free-certificate-thawte.html
These are great certs. They use a trusted root, so you don't have to do that CACert install.

On the main page they're priced at $39/year. If you sign up for a dealer account, the price goes down to $29/year.

We like these certs so much we sell the same cert under our own label, for less.

Sign up as a dealer with us, and the cert is $24/year for a one-year cert, down to $21/year for a five-year cert.

And you can get installation from us for an additional $11.

See my post with complete information here (http://www.directadmin.com/forum/showthread.php?s=&threadid=5487&highlight=cert).

Jeff

pcoeman
12-29-2005, 02:14 AM
Originally posted by jlasman
This cert is based on an untrusted root; your visitors will get the same kind of popup they do if you issue your own self-signed cert.

Jeff

This is changing...

http://blog.cacert.org/2005/11/110.html

Nokia has included the root certificate of CAcert into the new Nokia 770 Internet Tablet. This makes it possible to use secure websites, encrypt and digitally sign emails with free certificates from CAcert.org.

Currently Knoppix, Debian, Gentoo, Ubuntu, and other Linux distributions have incorporated CAcert into their products already, Nokia is the first commercial vendor to approve CAcert for its products. One of the main goals of CAcert was to be included in major browsers and CAcert continues to actively pursue other vendors such as Opera, Mozilla and Microsoft to be included as part of their browsers.

CAcert is a community certification authority that issues free SSL certificates worldwide for individuals and organisations, and CAcert aims to enable better privacy for the Internet. CAcert is committed to high standards of security and verification, to achieve this goal CAcert operates a worldwide network of Assurers who are verifying the identities according to the 4 eyes principle (or better), to have a high level of verification as it is of little benefit having security if you aren’t sure who you really are communicating with at the other end.

jlasman
12-29-2005, 06:09 PM
The majority of your visitors are probably still using Internet Explorer.

I still think it would be foolish to use a cert that's not accepted by Internet Explorer.

And possibly you'll want to consider how many people use IE5, which will never accept any certs it doesn't accept now.

But of course that's up to you.

Jeff

ProHS
04-04-2006, 06:38 AM
Well you can get a GeoTrust QuickSSL Premium and it will work on all domains on your server so meaning there will be no popup on any of your domains.

jlasman
04-04-2006, 04:17 PM
Originally posted by ProHS
Well you can get a GeoTrust QuickSSL Premium and it will work on all domains on your server so meaning there will be no popup on any of your domains.
How would you buy a GeoTrust QuickSSL Premium Certificate that will work on all domains?

What do you use for the common name, which needs to match your domain to avoid the error popup?

I just called my rep, and he assures me that GeoTrust won't issue a Certificate that will work for any site. Not even the wildcard Certificates work that way.

Jeff

ProHS
04-04-2006, 07:06 PM
Well how it works probably a wildcard like you suggested.

As for your rep saying that they won't release a certification like that well that is very untrue because they did, they advertise it saying it will work on your sites and your customers sites.

I have not contacted them on the details but I am sure they're not going to charge you $94.00 for just a single 128 bit ssl certificate. Of course, unless I am reading it wrong, but that is what it sounds like to me.

http://www.ev1servers.net/hosting/ssl/premium_details.asp

jlasman
04-04-2006, 09:01 PM
I'll start by pointing out that like EV1, we've signed a contract with GeoTrust, and we have access to the same information, and are bound by the same rules, as they are.
Originally posted by ProHS
Well how it works probably a wildcard like you suggested.
No. This is NOT a Wildcard Certificate. The Wildcard Certificate is significantly more expensive, and it works for (for example):

*.example.com

So if your domain is example.com and you can verify that, you can get a Wildcard Certificate for *.example.com.

GeoTrust sells the Wildcard Certificate for $899. EV1 doesn't sell them.

See the GeoTrust verification requirements here (http://www.geotrust.com/resources/cps/pdfs/QuickSSL_CPS.pdf) (look at page 10 of the PDF at this link):

But this is not a Wildcard Certificate. To get the QuickSSL Premium Certificate you have to type your Common Name into the CSR page. The Common Name is defined as your exact domain name as it will be typed into the browser, and this Certificate only works without a popup for the exact common name you've typed.
As for your rep saying that they won't release a certification like that well that is very untrue because they did, they advertise it saying it will work on your sites and your customers sites.
Read it again. It says:
you and your customers can conduct secure Internet transactions with confidence.
Which means exactly what it says ... you can buy it for yourself or for your customers.

with confidence means simply that you're paying more for this cert and it has a higher dollar value guarantee. Search for my posts here about the certs I sell (also GeoTrust certs) and you'll see why the guarantee is worthless. But nevertheless, it does have to be underwritten and that's why the cert is more expensive.
I have not contacted them on the details
But you should, before you post incorrect information that others may rely on. Especially in this case, because EV1 does NOT offer refunds if you buy by mistake.
but I am sure they're not going to charge you $94.00 for just a single 128 bit ssl certificate.
Why not? GeoTrust sells the same cert for $249. And it's now 256-bit as are all newly issued GeoTrust certs.

You can find it here (http://www.geotrust.com/buy/geotrust_ssl_certs.asp).
Unless I am reading it wrong but that is what it sounds like to me.
You are reading it wrong.

If you look at the GeoTrust page I linked to above you'll see that GeoTrust considers $189 to be a low-priced Certificate.

Jeff
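
The name-matching behaviour argued over in the posts above, as an added example that is not part of the original thread: a sketch of how a client decides whether a certificate name covers the hostname it is visiting, following the usual RFC 6125 rules. The hostnames and the function names `name_matches` and `popup_report` are constructed for illustration; current browsers read the names from the subjectAltName extension rather than the Common Name, but the matching rules are the same.

```python
"""Added illustration: how a TLS client decides whether a certificate name
covers the hostname being visited. Names below are constructed samples."""


def name_matches(cert_name: str, hostname: str) -> bool:
    """Return True if one certificate name (CN or SAN dNSName) covers hostname.

    Rules follow common browser practice (RFC 6125): comparison is
    case-insensitive, a wildcard is honoured only as the entire leftmost
    label, and it stands for exactly one label.
    """
    pattern = cert_name.lower().rstrip(".").split(".")
    host = hostname.lower().rstrip(".").split(".")
    if len(pattern) != len(host) or "" in host:
        return False
    if pattern[0] == "*":
        # Require at least two fixed labels after the wildcard, so that a
        # name such as "*.com" can never cover every site.
        if len(pattern) < 3:
            return False
        return pattern[1:] == host[1:]
    # A "*" anywhere else is treated as a literal and will not match.
    return pattern == host


def popup_report(cert_names, visited_hosts):
    """Map each visited hostname to True (no warning) or False (mismatch)."""
    return {h: any(name_matches(n, h) for n in cert_names) for h in visited_hosts}


# Constructed sample: hostnames served from one shared-hosting box.
HOSTS = ["www.example.com", "shop.example.com", "example.com",
         "a.b.example.com", "www.customer-site.test"]

SINGLE_NAME = ["www.example.com"]   # ordinary cert: one exact Common Name
WILDCARD = ["*.example.com"]        # wildcard cert for one domain

if __name__ == "__main__":
    for label, names in (("single-name", SINGLE_NAME), ("wildcard", WILDCARD)):
        print(label)
        for host, ok in popup_report(names, HOSTS).items():
            print(f"  {host:<24} {'ok' if ok else 'name mismatch warning'}")
```

Neither certificate covers the unrelated customer domain, and the wildcard does not cover the bare domain or a second-level subdomain.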