Apr 19 2007

Free digital certificates from StartCom/StartSSL

Category: IT Related

Rory Primrose @ 07:52

I was doing some reading a while ago about digital certificates. The kind of certificate I was after was so that I could use HTTPS in IIS. It looked like the certificates were all very expensive for what they are. I finally came across a post that referred to StartCom. These guys offer free digital certificates for domain or email validation. At this stage, the only hitch is that the CA certificate is not on client machines by default, but can be installed from the StartCom site.

Check it out here.


Comments

1.
Joseph Cooney says:

So how is it different to issuing a certificate yourself with makecert.exe?

2.
Grant Holliday says:

Dude! That's the whole point of purchasing an SSL certificate - so your users don't have to install the issuing root CA.

If you're after a cheap certificate, GoDaddy Turbo SSL is pretty good, and RapidSSL.com do a nice one too.

3.
Rory Primrose says:

Because makecert is a self-issued certificate which doesn't have a trust chain or root CA (something like that). It is really only good for localhost SSL development.

With these guys, if you do install their root certificate, then you can have either a personal email certificate or web domain certificate for free.

Realistically though, it isn't that helpful for personal email certificates because most people don't have the root certificate. Most browsers do have their root certificate installed now, just not IE and Opera.

In my case, I intend to use it for a hosted project I am building where I will basically be the only user. This means that it isn't a problem that the root certificate isn't in wide circulation.

4.
Rory Primrose says:

Yeah, but Grant, RapidSSL is still over $100 for a certificate, although that is nothing like what you would pay to use Verisign or Thawte. The GoDaddy one looks good though.

In my case, StartCom is a perfect setup though.

5.
Roshi (India) says:

Hi,

We have Exchange Server 2003 with IIS 6.0... and I need to implement a certificate for my web site, because whenever I try to access my web site through Outlook Web Access it gives me an error - "the sites security certificate is invalid" or something like this error... So to be very honest this is very annoying and I want to get rid of this error... I have a few queries; can you please resolve them?

1- after implementing StartCom certificate will I be able to access OWA of my site without any error?

2- which certificate should I use for the server?

3- Is it safe to use free SSL certificate?

6.
Rory Primrose (Australia) says:

Hi Roshi,

Sorry for the late reply. I haven't been getting notified of new comments.

Yes you can host a site with SSL when using a free cert. The server and client just need to be configured correctly.

It sounds like your client machine does not have the root cert in the Trusted Root store. It's best to put the root cert in the computer's Trusted Root store so that other users and services on the machine can also trust certs that have the root cert in their chain of trust.

You will need a server certificate for IIS rather than a personal cert.

The security of free certs can be questionable as it depends on the security of the CA itself. I'm not an expert about this though. For my purposes I am not really that fussed. If someone is able to get around the security of the CA then I am probably not their target for breaking encrypted traffic as there will be more important targets that actually deal with valuable information.

BTW, I'm now using CACert.org rather than StartCom because CACert provide wildcard server certs, which allows you to host multiple subwebs using the same certificate.
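
The trust-store step described in the reply above, as an added example that is not part of the original post or its comments: it reports whether a server certificate chains to a trusted root before and after the CA root is placed in the computer's Trusted Root store. The file paths and the expected thumbprint are placeholders, and `Import-Certificate` assumes a current Windows version with the PKI module and an elevated prompt.

```powershell
# Added example: paths and the expected thumbprint below are placeholders (assumptions).
param(
    [string]$RootCertPath   = 'C:\certs\ca-root.cer',   # placeholder: CA root downloaded from the CA
    [string]$ServerCertPath = 'C:\certs\server.cer',    # placeholder: certificate bound in IIS
    [string]$ExpectedRootThumbprint = '<THUMBPRINT-PUBLISHED-BY-THE-CA>'  # placeholder
)

function Test-CertChain {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Revocation checking is skipped so the check runs offline; enable it for real audits.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($Cert)
    [pscustomobject]@{
        Subject    = $Cert.Subject
        SelfSigned = ($Cert.Subject -eq $Cert.Issuer)   # makecert-style cert: no issuing CA
        Trusted    = $trusted
        Problems   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

$root   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $RootCertPath
$server = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $ServerCertPath

# Before: with the root absent from the store, expect Trusted = False and a
# PartialChain or UntrustedRoot status. This is the state behind the browser warning.
Test-CertChain $server

# Trust the root only if its thumbprint matches a value obtained out-of-band from the CA.
# With the placeholder left in place this throws, which is the safe default.
$expected = ($ExpectedRootThumbprint -replace '\s', '').ToUpper()
if ($root.Thumbprint -ne $expected) {
    throw "Root thumbprint $($root.Thumbprint) does not match the expected value; not importing."
}

# Machine-wide store (not CurrentUser), so other users and services trust the chain too.
Import-Certificate -FilePath $RootCertPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# After: the same server certificate should now report Trusted = True.
Test-CertChain $server
```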
