|
|
|
|
|
|
by hopeless
5513 days ago
|
|
|
It sounds like an interesting idea with some real problems to solve. I'm not a professional sysadmin so wonder what the current solution is? That would be a great source of information which many people on here could provide. My #1 concern is trust. Would a webdesign agency really trust all their SSL certs to Silo for $50/yr? Centralising that number of SSL certs at an random online service seems a little insecure. I'd probably prefer a truecrypt-encrypted USB key, or an encrypted volume of dropbox/whatever or something like that. I wonder if there's a business here in just the SSL expiry notifications? It seems a common problem which is theoretically solved by Google Calendar but obviously no one actually thinks of a general tool for the specific purposes of reminding them about expiry dates. |
|
|
There isn't any solution to the pass phrase apache issue. If you forgot / lose it you need to:
a. Remember / find it
b. Buy a new certificate.
You can create private keys without pass phrases, but this is less secure.
It's interesting to hear that you think SSL certificate expiry is a common problem. As you say notification could be setup in Google Calendar, but we just tend to overlook things like this. However I wonder whether a for sale web app could be justified on this single simple feature...
As for trust, it is a real issue. Trust and security are two different things. The security could be fine, but if there is a belief (rightly or wrongly) that it isn't safe then there will be a problem selling a product or service.
From my understanding the certificate is sent from the server to the visitor's browser when they connect, so I don't see storing them in an online service as a security risk. However I need to research the security implications of storing the private key and pass phrase. Any advice or info here would be greatly appreciated.