Chris Owen wrote:
>
> On Mon, 11 May 1998, Michael Smith wrote:
>
> > Chris Owen wrote:
> > >
> > > We've used Stronghold for the past 2 years, but frankly I'd much rather
> > > use plain old apache-ssl. However, there is the Verisign certificate
> > > problem.
> > >
> > > My question is this: What is the real limitation against doing this? The
> > > apache-ssl web page says it isn't allowed, but on the Verisign site it
> > > doesn't really make such claims. I've also checked out the Verisign
> > > contract and except for some vague language about using "appropriate SSL
> > > software" it doesn't really say anything about any limits as to what
> > > software you can use the certificate with.
> > >
> > > What happens if you use apache-ssl? Do they revoke your certificate? I'd
> > > rather stay legal, but I'd really rather use the real deal rather than
> > > Stronghold.
>
> BTW, I got this from Verisign today in response to my complaint about not
> supporting apache-SSL (my email to them made it very clear that I was
> complaining about not being able to use apache-SSL and having to use
> Stronghold):
>
> ---
>
> Hello,
>
> We do support Apache-SSL. Please go to
> http://digitalid.verisign.com/server_ids.html. You will need to select
> C2NET(Apache-SSL-US).
>
> Thank you for using VeriSign's Digital ID Services.
Yeah, well - Apache-SSL-US is not Apache-SSL. And I'm not C2NET. Still,
if VeriSign's sales droids want to compromise their position, who am I
to complain?
Cheers,
Ben.
--
Ben Laurie |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant |Fax: +44 (181) 735 0689|http://www.apache.org
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd, |Apache-SSL author http://www.apache-ssl.org/
London, England. |"Apache: TDG" http://www.ora.com/catalog/apache