Eddy Nigg wrote: > Also interesting choice of the CA, even though I realized > that you happen to change your server cert quite frequently ;-)
Well, the price was a factor :-) However what I found even more important was support for SubjAltName and the ability to get a certificate for both hecker.org and www.hecker.org with minimal hassle and expense. My original Go Daddy certificate was for www.hecker.org only, but then I switched my site so that hecker.org was the primary name and requests for www.hecker.org just redirected to hecker.org. This broke the browser cert checks, so I couldn't turn on redirection on the SSL side. (Now that I have the new cert I finally did that, so https://www.hecker.org/ gets redirected to https://hecker.org/) IIRC Go Daddy offered no simple/cheap way to include hecker.org as an alternate name to www.hecker.org on the same cert. They do offer "UCC certificates" that allow use of multiple domains, but the minimum price is $90/year compared to $30/year for a traditional single-domain cert. Also the documentation seems to indicate that this feature is intended primarily (perhaps only?) for cases where you use multiple TLDs, e.g., www.example.com vs. www.example.net vs. www.example.org; that may not be true in practice, but I didn't feel like spending $90 only to possibly find that Go Daddy's CA interface wouldn't handle my particular case. Note in that regard that the StartCom interface is actually not as flexible as I'd like. It forced me to specify www.hecker.org as the CN and hecker.org as a SAN, when I would have preferred it the other way around, since hecker.org is now the canonical site name. Frank -- Frank Hecker [EMAIL PROTECTED] _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
