ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Local website purchase SSL or self signed?

    IT Discussion
    iis
    9
    49
    9.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      Dashrender
      last edited by

      Awesome, that's the kind of thing I was looking for.

      With NTG I can totally understand this.. they are all technical people.. but here, they are all the technical Luddites.

      S 1 Reply Last reply Reply Quote 0
      • S
        scottalanmiller @JaredBusch
        last edited by

        @JaredBusch said:

        @DustinB3403 said:

        Yeah users need to shut it...

        You're in the corporate network, which is heavily monitor'd.

        So as Scott said, they need to shut it.

        I completely disagree with this. I do not want users to have to ever get used to clicking through an error screen. Doing so on an internal site means instructing them to do so whenever they see it. Do you honestly expect general users to have the level of knowledge to properly read the error and confirm the internal URL?

        That's an excellent point. I often forget that one but it does matter a lot in most cases.

        1 Reply Last reply Reply Quote 0
        • S
          scottalanmiller @Dashrender
          last edited by

          @Dashrender said:

          Awesome, that's the kind of thing I was looking for.

          With NTG I can totally understand this.. they are all technical people.. but here, they are all the technical Luddites.

          Right, that's why we often go that route internally.

          1 Reply Last reply Reply Quote 0
          • D
            Deleted74295 Banned
            last edited by

            As @JaredBusch said.

            Why would you ever tell users to ignore such a fundamental error message? If they get that error when logging into say, Office 365, do you want them typing in their credentials to a bogus website?

            1 Reply Last reply Reply Quote 0
            • J
              Jason Banned @JaredBusch
              last edited by

              @JaredBusch said:

              @DustinB3403 said:

              Yeah users need to shut it...

              You're in the corporate network, which is heavily monitor'd.

              So as Scott said, they need to shut it.

              I completely disagree with this. I do not want users to have to ever get used to clicking through an error screen. Doing so on an internal site means instructing them to do so whenever they see it. Do you honestly expect general users to have the level of knowledge to properly read the error and confirm the internal URL?

              Exactly. That's promoting bad habits. We use self-signed ones in places however push the Certs out as trusted via GPOs fixes any errors in browsers.

              1 Reply Last reply Reply Quote 0
              • J
                Jason Banned @DustinB3403
                last edited by

                @DustinB3403 said:

                You're in the corporate network, which is heavily monitor'd.

                Heavily monitored doesn't mean protected from stupid actions, which is how most things get in. You can't rely on a single point to protect you from vulnerabilities. You need good user training in addition to AV and network firewalls. User training is the most important.

                D 1 Reply Last reply Reply Quote 0
                • S
                  stacksofplates
                  last edited by

                  If you just need the SSL, StartSSL offers free certs. You don't have the insurance of a paid cert, but it's still encrypted and it's still green.

                  D 1 Reply Last reply Reply Quote 0
                  • D
                    DustinB3403 @Jason
                    last edited by

                    @Jason said:

                    You need good user training in addition to AV and network firewalls. User training is the most important.

                    User training..... hahaha.... 😛

                    So as with anything lets perform a math exercise and calculate the continuing cost of effectively training users, versus the cost of build a good security policy with backup and recovery functionality (not excluding cost to upgrade it and maintain it)

                    D 1 Reply Last reply Reply Quote 0
                    • D
                      Deleted74295 Banned @DustinB3403
                      last edited by

                      @DustinB3403 said:

                      @Jason said:

                      You need good user training in addition to AV and network firewalls. User training is the most important.

                      User training..... hahaha.... 😛

                      So as with anything lets perform a math exercise and calculate the continuing cost of effectively training users, versus the cost of build a good security policy with backup and recovery functionality (not excluding cost to upgrade it and maintain it)

                      Don't forget to add the cost of a breach.

                      Reputation
                      Fines

                      J C 2 Replies Last reply Reply Quote 1
                      • J
                        Jason Banned @Deleted74295
                        last edited by

                        @Breffni-Potter said:

                        Don't forget to add the cost of a breach.

                        Reputation
                        Fines

                        Loss of stock value, investors etc.

                        1 Reply Last reply Reply Quote 0
                        • C
                          coliver @Deleted74295
                          last edited by

                          @Breffni-Potter said:

                          @DustinB3403 said:

                          @Jason said:

                          You need good user training in addition to AV and network firewalls. User training is the most important.

                          User training..... hahaha.... 😛

                          So as with anything lets perform a math exercise and calculate the continuing cost of effectively training users, versus the cost of build a good security policy with backup and recovery functionality (not excluding cost to upgrade it and maintain it)

                          Don't forget to add the cost of a breach.

                          Reputation
                          Fines

                          I really hate to be the pessimist... but do companies really care about loss of reputation after a breach? To the average consumer I don't think they really understand or care that their data has been stolen... For us sure it matters but everyone else?

                          J 1 Reply Last reply Reply Quote 0
                          • J
                            Jason Banned @coliver
                            last edited by

                            @coliver said:

                            I really hate to be the pessimist... but do companies really care about loss of reputation after a breach? To the average consumer I don't think they really understand or care that their data has been stolen... For us sure it matters but everyone else?

                            I know many people who aren't IT or security minded at all who won't shop at Kmart & Target now. So I guess they do.

                            S 1 Reply Last reply Reply Quote 0
                            • S
                              scottalanmiller @Jason
                              last edited by

                              @Jason said:

                              @coliver said:

                              I really hate to be the pessimist... but do companies really care about loss of reputation after a breach? To the average consumer I don't think they really understand or care that their data has been stolen... For us sure it matters but everyone else?

                              I know many people who aren't IT or security minded at all who won't shop at Kmart & Target now. So I guess they do.

                              But is it enough to impact their sales? TJ Maxx did this stuff too, but has that stopped people shopping there? People forget really, really quickly. Investing in company reputation is often worthless as consumers just don't remember.

                              1 Reply Last reply Reply Quote 0
                              • D
                                Dashrender @stacksofplates
                                last edited by

                                @johnhooks said:

                                If you just need the SSL, StartSSL offers free certs. You don't have the insurance of a paid cert, but it's still encrypted and it's still green.

                                what insurance would that be?

                                And you get green? That doesn't seem right. Green is suppose to mean extended validation. I can't imagine that StartSSL is doing that for free.

                                S 1 Reply Last reply Reply Quote 0
                                • D
                                  Deleted74295 Banned
                                  last edited by

                                  The padlock HTTPS bit is always green regardless of cert level.

                                  You are thinking of the green bar which is called Extended Validation.

                                  1 Reply Last reply Reply Quote 1
                                  • S
                                    stacksofplates @Dashrender
                                    last edited by stacksofplates

                                    @Dashrender said:

                                    @johnhooks said:

                                    If you just need the SSL, StartSSL offers free certs. You don't have the insurance of a paid cert, but it's still encrypted and it's still green.

                                    what insurance would that be?

                                    And you get green? That doesn't seem right. Green is suppose to mean extended validation. I can't imagine that StartSSL is doing that for free.

                                    from Comodo:

                                    What does the Warranty actually mean?

                                    We believe it is important to protect the end user. If we were to mis-issue a certificate to a fraudulent site, that fraudulent site has an SSL link with an end user and as a result of this the end user loses money the end user had what they thought was a "trusted session". Comodo should never have provided the fraudster with the ability to engineer this situation we therefore have insurance to pay the end user for any losses that they may incur. Why would we do this?
                                    We value the end customer
                                    We believe the insurance provides greater peace of mind and therefore allows the merchant to sell more products
                                    Most importantly, we value our validation techniques (delivered through www.comodo.com)
                                    We pre-validate customers and provide validation that is far higher than the majority of other SSL providers. Some CA's have weak validation so they do not offer insurance! We also offer high validation, but not at the compromise of speed. You can still obtain SSL instantly.

                                    Also

                                    Warranty: Comodo’s guarantee against loss associated with an online credit card transaction caused by Comodo’s failure to exercise reasonable care to perform the validation steps set forth in the Comodo CPS prior to the Certificate’s issuance.

                                    As @Breffni-Potter said, the lock is always green, but only the bar is the extended validation.

                                    D 1 Reply Last reply Reply Quote 0
                                    • D
                                      Dashrender @stacksofplates
                                      last edited by

                                      @johnhooks said:

                                      @Dashrender said:

                                      @johnhooks said:

                                      If you just need the SSL, StartSSL offers free certs. You don't have the insurance of a paid cert, but it's still encrypted and it's still green.

                                      what insurance would that be?

                                      And you get green? That doesn't seem right. Green is suppose to mean extended validation. I can't imagine that StartSSL is doing that for free.

                                      from Comodo:

                                      What does the Warranty actually mean?

                                      We believe it is important to protect the end user. If we were to mis-issue a certificate to a fraudulent site, that fraudulent site has an SSL link with an end user and as a result of this the end user loses money the end user had what they thought was a "trusted session". Comodo should never have provided the fraudster with the ability to engineer this situation we therefore have insurance to pay the end user for any losses that they may incur. Why would we do this?
                                      We value the end customer
                                      We believe the insurance provides greater peace of mind and therefore allows the merchant to sell more products
                                      Most importantly, we value our validation techniques (delivered through www.comodo.com)
                                      We pre-validate customers and provide validation that is far higher than the majority of other SSL providers. Some CA's have weak validation so they do not offer insurance! We also offer high validation, but not at the compromise of speed. You can still obtain SSL instantly.

                                      Also

                                      Warranty: Comodo’s guarantee against loss associated with an online credit card transaction caused by Comodo’s failure to exercise reasonable care to perform the validation steps set forth in the Comodo CPS prior to the Certificate’s issuance.

                                      That's laughable. Who cares about this insurance? The end user visiting that website? Really? I suppose some ambulance chasing lawyer could try to go after the SSL cert provider in the case where a client's CC or other information was exposed due to some negligence on the SSL providers part, but that seems pretty far fetched.

                                      Additionally, considering things like Let's Encrypt, soon anyone, including the hackers, will be able to get a free basic SSL cert.

                                      End-users don't know/understand or care about SSL certs. A few might understand that the green bar they get when visiting places like Ebay and paypal as a good thing, but probably don't know why it's a good thing.

                                      The insurance seems more like a gimmick to get those buying a SSL cert to buy from Comodo instead of the competition.

                                      As @Breffni-Potter said, the lock is always green, but only the bar is the extended validation.

                                      It is? this is FireFox and Facebook.
                                      lock.PNG

                                      1 Reply Last reply Reply Quote 0
                                      • D
                                        Deleted74295 Banned
                                        last edited by

                                        https://support.mozilla.org/en-US/kb/how-do-i-tell-if-my-connection-is-secure

                                        Is your FireFox misbehaving?

                                        1 Reply Last reply Reply Quote 0
                                        • D
                                          Deleted74295 Banned
                                          last edited by Deleted74295

                                          Oh wait, gray padlock means SSL but without Extended Validation. Firefox is the only browser to do this by the looks of it, everyone else has a green padlock.

                                          D 1 Reply Last reply Reply Quote 0
                                          • D
                                            Dashrender @Deleted74295
                                            last edited by

                                            @Breffni-Potter said:

                                            Oh wait, gray padlock means SSL but without Extended Validation. Firefox is the only browser to do this by the looks of it, everyone else has a green padlock.

                                            Nope.
                                            Here's IE 11 on Win10 pro
                                            lock1.PNG

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 1 / 3
                                            • First post
                                              Last post