Slashdot Mirror

← Back to Stories (view on slashdot.org)

SSL Certificates For Intranet Sites?

Posted by kdawson on from the matter-of-trust dept.

wiedzmin writes "Anybody who has worked around anything dubbed an 'appliance' in the past few years knows that they come with a management Web interface, which is usually 'secure.' However, no company in their right (accounting) mind will spend $400/year per appliance to buy Verisign SSL certificates to secure Web interfaces on networks that may not even be open to the public Internet. So network administrators, and sometimes end users, are stuck clicking away at an annoying 'Continue to this website (not recommended)' message every time they connect, setting an unhealthy precedent when it comes to the actual security of SSL and the much-hyped MITM attacks. So the question I have for the Slashdot crowd is: do you have valid SSL certificates on your intranet sites, and if so what do you use? Any cost-neutral, or at least cost-conscious solutions out there that don't involve manually distributing your certificates and CRL to every workstation in the company? Thanks."

2 of 286 comments (clear)

  1. ssh tunnel by bl8n8r · · Score: 0, Troll

    ssh -L 8888:localhost:80 frooboz@appliance.onmylan.net
    firefox http://localhost:8888/

    You *are* buying only *nix based appliances, right?

    --
    boycott slashdot February 10th - 17th check out: altSlashdot.org
  2. Share the wisdom of Slashdot. by QuincyDurant · · Score: 0, Troll
    As owner of a small business, I am responsible for our IT. I am only 9% competent, and that's giving myself all the best of it. Still, I have to do it because there is neither anyone else available, nor can we afford to hire anyone. I glean what I am able to understand from slashdot.
    Thank you, LostOne, for your generosity of spirit and helpfulness. And thank you, wiedzmin, for having the guts to ask this bunch for help. If you accept this relatively easy advice, your users will thank you too.

    And to those of you here who claim "half a brain": please remember that you yourselves may someday need to do something (legal, financial, educational, even technical) for which you are less than half competent. Yes, you have achieved a "win" in humilating a sincere poster, but it's the cheap victory enjoyed only by the pusillanimous.