This might be over a lot of people's heads. Heck, it's a little over mine. But the fact that it involves Firefox and Chrome and IE made me think. I'm talking about SSL. You know when you visit a site in Firefox that uses HTTPS but comes up and says unverified CERT. You have to click and click and click to say verified...get me to the site... I'm thinking this process is how Firefox and other browser companies bank in loads of money. Here is what I'm thinking.
Kind of a little thing on how SSL works behind the scenes. These days when you want to have a cert for your HTTPS site to be secure so those errors don't pop up, you use something like openssl to generate the cert on a local computer. From there it will generate a .csr file which you then send off to a company like Verisign for hundreds of dollars. As a matter of fact there are a handful of CA (certificate authority) companies out there that do just this. They charge a nominal fee to "verify" your cert. By verifying, all they do is take the information from the .csr like the address, domain, phone number, etc. and make a call and drill questions. "Is this your address?" "Is this your phone number?" and if everything checks out, they say VERIFIED! and send the proper file back for the client to insert into their web server. After that, no more errors saying invalid cert and everyone feels all fuzzy inside. Here is where my worms start to crawl out:
Spending hundreds of dollars or not, anyone out there can VERIFY/sign their own CERT for their website so it will be properly encrypted. It doesn't take a phone call to answer some questions to make a website secure. If you open Firefox and navigate to TOOLS > OPTIONS > ADVANCED > VIEW CERTIFICATES you will see all the CA companies that are pre-populated in that list. By being in that list those sites' certs won't come up with that error and little granny doesn't have to worry if she is visiting a bad site or not. Knowing that anyone can generate their own cert, sign it themselves, and add it to their website to make it PROPERLY SECURE, why do you have to click a bunch of buttons saying it's not?
My best guess is these companies pay browser makers to implement these features so that people will have to pay CA companies to not get a message that scares most people. If you see the little lock in the lower right corner and you are on an HTTPS site, you're secure! Obviously there is a lot more to it than that, e.g. a site can be fraudulent or hacked behind the scenes but still be secure. My point being: why do website owners have to pay hundreds of dollars to get a phone call to make a site "VERIFIED"?????
I'll tell you what, it would be one heck of a business to get into. Start your own CA company. Charge 30-50 bucks to sign a cert when all it takes is to type a single command in OPENSSL and send it on its merry way. Quick easy cash. The only drawback would be to spend hundreds of thousands of dollars to have your company be put in the list of CERT verified companies in their next update.
I hope this makes sense, I explained as best I could...(I don't do that very well)
Wanted to open a can of worms...
- Dragon_Cooler
- Legit Extremist
- Posts: 2405
- Joined: Wed Oct 12, 2005 10:17 am
- Location: DFW Texas
- Contact:
Re: Wanted to open a can of worms...
Phenom II 1075T,Phenom II 1090T,Intel i7 870
Gigabyte 890XA-UD3
Evga GTX460
8 GB Corsair
Agility2 120GB SSD
Dual 24" Samsungs LCD's
- dicecca112
- Site Admin
- Posts: 5014
- Joined: Mon Mar 01, 2004 10:40 am
- Contact:
Re: Wanted to open a can of worms...
Plus if you have a Windows Server OS you can create your own Certificate Authority, and issue your own

Re: Wanted to open a can of worms...
dicecca112 wrote: Plus if you have a Windows Server OS you can create your own Certificate Authority, and issue your own

which you pretty much have to do if you want to use Windows Mobile phones, etc. without paying one of the big guys....

- dicecca112
- Site Admin
- Posts: 5014
- Joined: Mon Mar 01, 2004 10:40 am
- Contact:
Re: Wanted to open a can of worms...
Darkstar wrote:
dicecca112 wrote: Plus if you have a Windows Server OS you can create your own Certificate Authority, and issue your own
which you pretty much have to do if you want to use Windows Mobile phones, etc. without paying one of the big guys....

Hey I set one up for work, it can't be that hard if I can do it


Re: Wanted to open a can of worms...
dicecca112 wrote:
Darkstar wrote:
dicecca112 wrote: Plus if you have a Windows Server OS you can create your own Certificate Authority, and issue your own
which you pretty much have to do if you want to use Windows Mobile phones, etc. without paying one of the big guys....
Hey I set one up for work, it can't be that hard if I can do it

It's not



- Sporg
- Legit Extremist
- Posts: 1200
- Joined: Mon Dec 11, 2006 10:22 am
- Location: Kansas City Area
- Contact:
Re: Wanted to open a can of worms...
Ah crap, thanks for the reminder on figuring out a client problem. Stupid Palm Centro and Exchange 2003 not communicating...GARRRRR!!!!
I would never die for my beliefs because I might be wrong.
~Bertrand Russell
- Dragon_Cooler
- Legit Extremist
- Posts: 2405
- Joined: Wed Oct 12, 2005 10:17 am
- Location: DFW Texas
- Contact:
Re: Wanted to open a can of worms...
dicecca112 wrote: Plus if you have a Windows Server OS you can create your own Certificate Authority, and issue your own

That is the thing... Anyone can create their own and sign and verify it. But if you create your own it will come up with the cert verification error that you have to click "I understand the risks" etc...
Did no one see where I was getting at? lol
If your cert isn't made through Verisign or those companies in the list in Firefox it comes up with that error. People that don't know any better see that error and don't visit the site. So you are left to pay money to get a "verified" cert so people will visit your site.

- dicecca112
- Site Admin
- Posts: 5014
- Joined: Mon Mar 01, 2004 10:40 am
- Contact:
Re: Wanted to open a can of worms...
Dragon_Cooler wrote:
dicecca112 wrote: Plus if you have a Windows Server OS you can create your own Certificate Authority, and issue your own
That is the thing... Anyone can create their own and sign and verify it. But if you create your own it will come up with the cert verification error that you have to click "I understand the risks" etc...
Did no one see where I was getting at? lol
If your cert isn't made through Verisign or those companies in the list in Firefox it comes up with that error. People that don't know any better see that error and don't visit the site. So you are left to pay money to get a "verified" cert so people will visit your site.

Not true, if you do your certs right, no error. We have plenty of SSLified sites running in the office that don't pull that error, and I issued all the certs myself.
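
The exchange above turns on which roots the client trusts. The following is an added example, not part of the thread: it uses the openssl command line mentioned in the first post to check a self-signed cert and a private-CA cert against two trust lists. All names (Office Demo Root CA, Public Demo Root CA, intranet.example.test) are constructed, and it assumes a stock openssl.cnf is installed.

```shell
#!/bin/sh
# Constructed demo: every name below (Office Demo Root CA, Public Demo Root CA,
# intranet.example.test) is made up for illustration.

# new_root DIR NAME CN: create a self-signed root CA key and certificate.
new_root() {
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# make_pki DIR: two roots, one CA-issued server cert, one self-signed server cert.
make_pki() {
    d=$1
    new_root "$d" office "Office Demo Root CA"  # private CA run by the site owner
    new_root "$d" public "Public Demo Root CA"  # stands in for a browser's built-in list
    # Server key and CSR (the .csr file the first post describes).
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=intranet.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    # The private CA signs the CSR.
    openssl x509 -req -in "$d/srv.csr" -CA "$d/office.crt" -CAkey "$d/office.key" \
        -CAcreateserial -days 30 -out "$d/srv.crt" 2>/dev/null
    # Same server key, but the certificate is signed by itself, not by a CA.
    openssl req -x509 -new -key "$d/srv.key" -days 30 \
        -subj "/CN=intranet.example.test" -out "$d/self.crt" 2>/dev/null
}

# trusted CERT ROOTS: prints "yes" if CERT chains to a root in ROOTS, else "no".
trusted() {
    if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then echo yes; else echo no; fi
}

demo() {
    dir=$(mktemp -d)
    make_pki "$dir"
    echo "self-signed cert, stock trust list:      $(trusted "$dir/self.crt" "$dir/public.crt")"
    echo "office-CA cert, stock trust list:        $(trusted "$dir/srv.crt" "$dir/public.crt")"
    echo "office-CA cert, office root installed:   $(trusted "$dir/srv.crt" "$dir/office.crt")"
    rm -rf "$dir"
}
demo
```

The encryption is identical in all three cases; only the third passes verification, because the issuing root is in the list the verifier was given.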
