|
OpenBSD Packages and Ports Installation and upgrading of packages and ports on OpenBSD. |
|
Thread Tools | Display Modes |
|
|
|||
Google (Tm) testing ranking websites higher w/SSL
Hi Folks
Will be looking into using SSL cert for our web severs. We use Apache (chrooted) with (of course OpenBSD). for several static websites. Question: For those of you using Apache (chrooted) [yes, i know NGINX is going to be the default soon]. Have any of you encountered problems while following the instructions for SSL server certificate RSA or DSA generation in ssl(8) for httpd Apache? Not having done this before and on production servers i am somewhat cautious. As usual Thanks in Advance. |
|
||||
I've never had difficulty generating X.509 server certificates when following the instructions in the ssl(8) man page as general guidance. The process is the same regardless what web server you use. (I haven't used Apache in a number of years.)
I've found the openssl(1) man page far more daunting. The program does too many things, and those things it does do seem to be done in too many different ways. Last edited by jggimi; 8th August 2014 at 03:32 PM. Reason: corrected link |
|
||||
Self-signed certificates are primarily used for testing or personal sites, and are not designed for public-facing servers. Self-signed certificates, by design, are not issued by any Certificate Authority ("CA").
If a browser does not have a clear chain of trust from a trusted root CA through to the issuing CA, it will alert the user that the server is supplying an untrusted certificate. |
|
||||
What I meant is, Will google treat self-signed cert sites as if they were not SSL encrypted, that is, giving them a lower rating?
Although, if SEO does matter to you, then my question is really superfluous, a site concerned about such things will have to use a CA. |
|
|||
Google (Tm) testing ranking websites higher w/SSL
Yes, the question did relate to frcc sites facing the public.
I obviously overlooked the fact that Google(Tm) probably does rate self certificates lower, (defeating the intent for self cert) In fact a client's browser (mentioned above) would probably issue a warning for self generated certs raising more alarm than none. The question was generated to collect comments for problems encountered when doing this on a production server for the first time. I now see the process is straight forward. One would simply have to replace the self generated cert with one from a CA per ssl(8). Just a matter of cost/benefit. Thankyou Last edited by frcc; 9th August 2014 at 03:04 AM. Reason: improve quality of reply |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
HIgher math | Ninguem | Off-Topic | 6 | 5th February 2013 11:32 AM |
Node.js 0.8 performs at a higher tempo | J65nko | News | 0 | 27th June 2012 09:20 AM |
Google open sources JavaScript testing tools | J65nko | News | 0 | 3rd October 2011 09:13 AM |
Mailserver for websites | xCipherx | FreeBSD Ports and Packages | 4 | 13th April 2010 03:56 PM |
OpenBSD-related websites | bienc | OpenBSD General | 7 | 12th May 2008 09:15 PM |