Topic: Best SSL certificate - what are your experiences?

[madadam]

Note - the .crt and .key you created should be in the format of www.{domain}.crt and www.{domain}.key

I have been meaning to confirm this with more experienced admins here in the forums. On my server the .crt and .key files are named (using your syntax) like this: {server-name}.{domain}.key and the same for .crt.

I was going to ask what is the best name to use for the Common Name when requesting a certificate given that the server seems to use the server-name as the subdomain? My other problem is that I need to have a certificate for secure POP and SMTP so I need to secure the domain mail.{domain}.

Cheers!

adam

[m]

I also have tried CAcert.org to get a trusted certificate for mobile device sync, but the CAcert certificate expires in 6 months. That's too short for me. I decided to make my own CA to sign my certificates and to install my Root certificate on the devices. Works perfectly.

[william_syd]

the CAcert certificate expires in 6 months.

If you prove who you are don't you get a certificate that is valid for a longer period?

[william_syd]

I was going to ask what is the best name to use for the Common Name when requesting a certificate

Probably best to let your server do the work.

Custom CA Certificate

[m]

If you prove who you are don't you get a certificate that is valid for a longer period?

Sure, or alternatively collecting 50 points. Too much effort in my case. I have to install a root cert on the clients anyway. So running my own 'CA' is much more comfortable. I can make certs with 10 years lifetime if I like it.