Re: [apache-ssl] Using Verisign certificates

To: apache-ssl@lists.aldigital.co.uk
Subject: Re: [apache-ssl] Using Verisign certificates
From: <apachessl@web1.valley-internet.com>
Date: Fri, 15 May 1998 11:58:57 -0700 (PDT)
Delivered-To: mailing list apache-ssl@lists.aldigital.co.uk
In-Reply-To: <199805151504.IAA07738@condor.mhsc.com>
Mailing-List: contact apache-ssl-help@lists.aldigital.co.uk; run by ezmlm
Organization: http://www.apache-ssl.org
Reply-To: apache-ssl@lists.aldigital.co.uk



On Fri, 15 May 1998, Roeland M.J. Meyer wrote:

> At 10:35 PM 5/14/98 -0700, apachessl@web1.valley-internet.com wrote:
> >
> >
> >On Wed, 13 May 1998, Roeland M.J. Meyer wrote:
> >
> >> At 10:45 AM 5/11/98 -0500, Chris Owen wrote:
> >> >
> >> >We've used Stronghold for the past 2 years, but frankly I'd much rather
> >> >use plain old apache-ssl.  However, there is the Verisign certificate
> >> >problem.
> >> >
> >> >My question is this:  What is the real limitation against doing this?  The
> >> >apache-ssl web page says it isn't allowed, but on the Verisign site it
> >> >doesn't really make such claims.  I've also checked out the Verisign
> >> >contract and except for some vague language about using "appropriate SSL
> >> >software" it doesn't really say anything about any limits as to what
> >> >software you can use the certificate with.
> >> >
> >> >What happens if you use apache-ssl?  Do they revoke your certificate?  I'd
> >> >rather stay legal, but I'd really rather use the real deal rather than
> >> >Stronghold.
> >
> >I did some research on this a while back and talked at length to someone
> >at RSA on this.  I was told that I could buy a copy of RSA's BSAFE library
> >for in house commercial use for about $300 per machine, and that it would
> >work as a drop in replacement for rsaref.  I specifically told RSA that my
> >intent was to link bsafe to ssleay, and they didn't have a problem with
> >that.  But then again the guy I talked to actually knew what ssleay was.
> >
> >Assuming that is true, you could compile ssleay against bsafe (anyone done
> >this?) and use that with apache-ssl.  Legal in the US for less than the
> >price of Stronghold.
> 
> I guess that the first question that I'd ask is "Is BSAFE available for
> Linux?".

I don't know, but I would guess yes, since I am pretty sure that
stronghold uses BSAFE and Stronghold is available for Linux.

Chris

> ___________________________________________________ 
> Roeland M.J. Meyer, ISOC (InterNIC RM993) 
> e-mail: <mailto:rmeyer@mhsc.com>rmeyer@mhsc.com
> Internet phone: hawk.mhsc.com
> Personal web pages: <http://www.mhsc.com/~rmeyer>www.mhsc.com/~rmeyer
> Company web-site: <http://www.mhsc.com/>www.mhsc.com/
> ___________________________________________ 
> SecureMail from MHSC.NET is coming soon!  
>

References:
- Re: [apache-ssl] Using Verisign certificates
  - From: "Roeland M.J. Meyer" <rmeyer@mhsc.com>

Prev by Date: Re: [apache-ssl] Using Verisign certificates
Next by Date: httpsd can't start up
Prev by thread: Re: [apache-ssl] Using Verisign certificates
Next by thread: Re: [apache-ssl] Using Verisign certificates
Index(es):
- Date
- Thread