sqlmap-users

Re: [sqlmap-users] Fail when trying to perform a checkout from sqlmap trunk

[Ryan S. <rd...@mt...>]

Wait, what? Are they *really* signed by a trusted CA?

I was going to suggest getting one from GoDaddy (http://www.godaddy.com/Compare/gdcompare_ssl.aspx?isc=sslqgo026e). Hell I'll even pay for it myself, anything I can do to support you guys!

Maybe we should go with comodo? :-P

Ryan

----- Original Message -----
From: "Steven Pinkham" <ste...@gm...>
To: "Miroslav Stampar" <mir...@gm...>
Cc: "sqlmap users" <sql...@li...>
Sent: Sunday, April 17, 2011 2:15:45 PM GMT -05:00 US/Canada Eastern
Subject: Re: [sqlmap-users] Fail when trying to perform a checkout from sqlmap trunk

Miroslav Stampar wrote:
> hi.
> 
> what are the suggestions for getting real certificate (not self-signed)?
> 
> kr
> 

Basic startcom SSL certs are free.  They are supported by all major
browsers and operating systems, and are verified as poorly^W well as any
other SSL cert.

http://cert.startcom.org/

-- 
 | Steven Pinkham, Security Consultant    |
 | http://www.mavensecurity.com           |
 | GPG public key ID CD31CAFB             |



------------------------------------------------------------------------------
Benefiting from Server Virtualization: Beyond Initial Workload 
Consolidation -- Increasing the use of server virtualization is a top
priority.Virtualization can reduce costs, simplify management, and improve 
application availability and disaster protection. Learn more about boosting 
the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev
_______________________________________________
sqlmap-users mailing list
sql...@li...
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Re: [sqlmap-users] Fail when trying to perform a checkout from sqlmap trunk

[Steven P. <ste...@gm...>]

Ryan Sears wrote:
> Wait, what? Are they *really* signed by a trusted CA?

Yup.  Startcom was added to the windows root certificate program in
September 2009.  They were already in Firefox and Safari at that time.

It work just fine everywhere, as long as you correctly install the
intermediate certs according to the instructions, much like you need to
do for a godaddy or other cert these days.

http://www.startssl.com/?app=25#31

They allow one alt name of your choosing. Authentication is handled with
client side certs.  They do basic fraud avoidance like flagging people
who ask for, say, usbank.example.com as their alt name(I've tried ;-)

As far as I can tell there is absolutely no upside to paying for some
other Class 1 (domain/email validated) cert over the startcom free cert.
 Of course, if you need a wildcard cert, class 2 cert with business
verification(so your name shows up when smart users hover over the lock
icon), or extended validation cert(so the bar turns green), you still
have to pony up.  Otherwise, class 1 certs are common and trusted on the
Internet.  Most people don't know or care about the differences of the
different classes.

#1 reason to not use SSL is gone. Spread the word. ;-)

> I was going to suggest getting one from GoDaddy (http://www.godaddy.com/Compare/gdcompare_ssl.aspx?isc=sslqgo026e). Hell I'll even pay for it myself, anything I can do to support you guys!
> 
> Maybe we should go with comodo? :-P
> 
> Ryan
> 


-- 
 | Steven Pinkham, Security Consultant    |
 | http://www.mavensecurity.com           |
 | GPG public key ID CD31CAFB             |

Re: [sqlmap-users] Fail when trying to perform a checkout from sqlmap trunk

[Bernardo D. A. G. <ber...@gm...>]

Thanks for the info Steve.
We will consider a valid cert for svn.sqlmap.org.

Bernardo Damele A. G.

This message was sent from a smartphone

On 17 Apr 2011, at 23:33, Steven Pinkham <ste...@gm...> wrote:

> Ryan Sears wrote:
>> Wait, what? Are they *really* signed by a trusted CA?
>
> Yup.  Startcom was added to the windows root certificate program in
> September 2009.  They were already in Firefox and Safari at that time.
>
> It work just fine everywhere, as long as you correctly install the
> intermediate certs according to the instructions, much like you need to
> do for a godaddy or other cert these days.
>
> http://www.startssl.com/?app=25#31
>
> They allow one alt name of your choosing. Authentication is handled with
> client side certs.  They do basic fraud avoidance like flagging people
> who ask for, say, usbank.example.com as their alt name(I've tried ;-)
>
> As far as I can tell there is absolutely no upside to paying for some
> other Class 1 (domain/email validated) cert over the startcom free cert.
> Of course, if you need a wildcard cert, class 2 cert with business
> verification(so your name shows up when smart users hover over the lock
> icon), or extended validation cert(so the bar turns green), you still
> have to pony up.  Otherwise, class 1 certs are common and trusted on the
> Internet.  Most people don't know or care about the differences of the
> different classes.
>
> #1 reason to not use SSL is gone. Spread the word. ;-)
>
>> I was going to suggest getting one from GoDaddy (http://www.godaddy.com/Compare/gdcompare_ssl.aspx?isc=sslqgo026e). Hell I'll even pay for it myself, anything I can do to support you guys!
>>
>> Maybe we should go with comodo? :-P
>>
>> Ryan
>>
>
>
> --
> | Steven Pinkham, Security Consultant    |
> | http://www.mavensecurity.com           |
> | GPG public key ID CD31CAFB             |
>
>
>
> ------------------------------------------------------------------------------
> Benefiting from Server Virtualization: Beyond Initial Workload
> Consolidation -- Increasing the use of server virtualization is a top
> priority.Virtualization can reduce costs, simplify management, and improve
> application availability and disaster protection. Learn more about boosting
> the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users