This week's book giveaway is in the Jython/Python forum.
We're giving away four copies of Murach's Python Programming and have Michael Urban and Joel Murach on-line!
See this thread for details.
Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Free SSL certyficate for a year. Is it safe?  RSS feed

 
Rafal Rowinski
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This is not spam! I found this page lately link. According to it they give a free SSL cert for a year. I know how to make one using keytool but it lasts only fo two months. Have anyone tried certs from this page? This seems to be too good to be true.
 
Tim Moores
Saloon Keeper
Posts: 3511
77
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I know nothing about this offer, but if you use keytool, you can control the validity period of the certificate using the -validity parameter. 60 days is probably the default if you don't use it.
 
Rafal Rowinski
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you for your answer. Is it safe to make the validity period to 365 days?
 
Tim Moores
Saloon Keeper
Posts: 3511
77
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why wouldn't it be safe?
 
Rafal Rowinski
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I thought that it takes a certain amount of time for some algorithm to break SSL. Thats why some are valid for 2 months and some a year. Again it's just what came to my mind lately and it's probably wrong thats why I'm asking. Thank you again for your help. The question is resolved
 
Tim Moores
Saloon Keeper
Posts: 3511
77
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you're concerned about the cipher being broken, check out the keysize option. It determines the strength of the cipher. 128-bit SSL in general is not considered broken.
 
Tim Holloway
Bartender
Posts: 18531
61
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This isn't a JSF-specific issue, but since we're on the subject...

The only difference between making your own certificate with keytool and getting one from an outside source is that the outside source is expected to be independently confirmed as trustworthy.

In other words, you shouldn't see a security dialog pop up when an application secured from a certified CA (Certificate Authority) is used.

The duration of the certificate has nothing to do with how long it takes to break the encryption, which in any event, takes less and less time each year. The primary reason for an expiration date is to prevent people from getting hold of old unused certificates and making themselves look trustworthy when they aren't. This can especially be a problem when the domain name passed out of the hands of its original owners because they didn't renew it. A secondary benefit is that old security breaches can "heal themselves", but you should have created a "recall cert" in any event.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!