The SSL Certificate Scam

My latest Google+ post is a lengthy rant/vent on the state of SSL certificates as used on websites today.

 https://plus.google.com/117506461184749864074/posts/PqHMSjsY5hp

The summary is:

I don't feel that purchasing SSL Certificates from "Trusted Third Parties" as defined by Google, Microsoft, and Mozilla is currently worthwhile.  If you're using them for security, set up your own internal CA with a couple of roots and issue certs for your own usage.  It's more secure because then YOU are the one who decided to trust the CA.  Moreover, it is more secure because YOU can set much shorter expiration (why wait a whole year?  Expire it in a month and generate a new one!) so if a cert is stolen it will expire soon - and YOU can revoke certificates that are being used fraudulently.

The only benefit to purchasing an SSL Certificate is marketing. There are a few people who will choose not to purchase a product if the SSL Certificate doesn't "look right".  However, considering the large number of active e-commerce websites taking orders today using expired certificates - I think the number of sales lost is minimal.

I do see a purpose to trusted third parties - it is just the current system which is flawed.
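
As an added illustration (not part of the original post), here is the internal-CA idea from the summary carried out with the OpenSSL command line: two private roots, a server certificate issued for 30 days, and checks that it is trusted only under the root that signed it. The names root-a, root-b and app.internal.example are constructed; revocation is not covered.

```bash
#!/usr/bin/env bash
# Added example: private roots plus a 30-day server certificate (OpenSSL CLI).
# Every name below (root-a, root-b, app.internal.example) is constructed.
set -eu

# make_root DIR NAME: self-signed root. Keep NAME.key offline in real use.
make_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1825 \
    -subj "/CN=Example Internal $2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue DIR ROOT HOST DAYS: key, CSR, then a leaf signed by ROOT valid for DAYS.
issue() {
  openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
  # Extensions for the leaf: SAN for the host name, and not a CA itself.
  printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$3" > "$1/$3.ext"
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days "$4" -sha256 -extfile "$1/$3.ext" \
    -out "$1/$3.pem" 2>/dev/null
}

# chain_ok DIR ROOT HOST: succeeds only if HOST's cert chains to ROOT.
chain_ok() { openssl verify -CAfile "$1/$2.pem" "$1/$3.pem" >/dev/null 2>&1; }

# expires_within DIR HOST DAYS: succeeds if the cert is expired DAYS from now.
expires_within() {
  ! openssl x509 -in "$1/$2.pem" -noout -checkend "$(( $3 * 86400 ))" >/dev/null
}

demo() {
  d=$(mktemp -d)
  make_root "$d" root-a
  make_root "$d" root-b
  issue "$d" root-a app.internal.example 30
  chain_ok "$d" root-a app.internal.example && echo "trusted under root-a"
  chain_ok "$d" root-b app.internal.example || echo "rejected under root-b"
  expires_within "$d" app.internal.example 31 && echo "gone within 31 days"
  openssl x509 -in "$d/app.internal.example.pem" -noout -subject -enddate
  rm -rf "$d"
}
demo
```

Clients trust these certificates only after root-a.pem is deliberately added to their trust store, and reissuing each month means re-running the issue step against the same root.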

Book Review: Learning Joomla! 3 Extension Development

First, let me say that I downloaded the Kindle version of this from PacktPub.com.  I was concerned about the screenshots being viewable because my other (unrelated) Kindle books from Amazon had photos and illustrations that were such a low resolution they were not helpful.  Fortunately, the screenshots in this book are clear enough to view and get all the details needed.

I've been building Joomla! sites since 2006 and building custom extensions since 2009.  There are many new features in Joomla! 3 and so there's always more learning to do.

The author goes into background and explanation of what's going on in the world of Joomla! development, both core and extensions, and what can be expected in the foreseeable future.  This is information everyone who builds Joomla! sites for clients needs to know, whether they do any coding of their own or not.

The author also touches on subjects, then states that they are beyond the scope of this book.  I consider this a good thing, because even though he doesn't go in depth about these out-of-scope topics, it gives the reader "extracurricular" study to explore on their own after completing the book.  It's good to know what else there is to learn about.

This book is written so that beginning programmers can follow.  (Note:  You need to be familiar with the Joomla admin - installing and maintaining a Joomla site.)  Even if you have light experience with PHP, you will be able to follow along and get a good foundation in building custom Joomla! extensions, for yourself, the community, or as a business.  (By the way, he also discusses the various business models and the JED.)

Learning Joomla! 3 Extension Development is a must-read -- even if you are not building extensions from scratch, you will at some point want to tweak some of the 3rd party extensions you use.  And it's a perfect supplement to my video course on Joomla 3 Extension Development.

SSL Virtual Hosting

I hadn't looked at how SSL works on web servers for a number of years.  The last time I worked with SSL, the common rule was that you had to have a distinct IP address for every domain name that you wanted to use SSL for (so you could have an SSL certificate for each different domain).

Heck, even the Apache Wiki still states it in some places:
http://wiki.apache.org/httpd/NameBasedSSLVHosts

However, when poking around I ran across references to SNI and using multiple certificates for the same IP Address.
http://www.ietf.org/rfc/rfc4366.txt  This dates all the way back to 2006, so it has been around for quite a while!
