CHI-LTD
asked on
Which SSL cert and supplier?
Hi
We are changing from a self signed cert to a 3rd part one.
The firewall is managed by a 3rd party co. I have the CSR for the new cert but unsure which co to use?
https://uk.godaddy.com/web-security/ssl-certificate/options/add-ons?src=ac&plan=ssl_001sites_tier1_024mo
https://www.digicert.com/order/order-1.php
Ideas?
We are changing from a self signed cert to a 3rd part one.
The firewall is managed by a 3rd party co. I have the CSR for the new cert but unsure which co to use?
https://uk.godaddy.com/web-security/ssl-certificate/options/add-ons?src=ac&plan=ssl_001sites_tier1_024mo
https://www.digicert.com/order/order-1.php
Ideas?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
As addendum to @ste5an also checkout certbot implementation for your system as the LE. certificates run for 3 month at a time.
the automation of that process is desireable. THe certbot tool was created for that in tandem with the LetsEncrypt certificates.
Certainly recommended for DV certificates. (Even Wildcards should be possible).
the automation of that process is desireable. THe certbot tool was created for that in tandem with the LetsEncrypt certificates.
Certainly recommended for DV certificates. (Even Wildcards should be possible).
ASKER
So the godaddy DV will work with Cisco?
^^ Yes just make sure when you generated the CSR you chose 2048 bit :)
P
P
ASKER
thanks
i ran the decoder which shows 2048.
i ran the decoder which shows 2048.
cool - I usually make the mistake and have to start again :)
Comodo is another great solution that comes with multiple features apart from 256-bit encryption like Highly visible site seal , free PCI scanning service, free daily website vulnerability scanning and more. You can switch to Comodo from a self - signed SSL Certificate. Catch more update about Comodo SSL Certificate here - https://comodosslstore.com/brands/comodo
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This is just for the ASA VPN, but know a pen test will highlight this as an issue.
hmm, I disagree with Bhavesh's post marked as answer, because Comodo and Symantec have shown severe security issues in the past. And currently Symantec is on the list of certificates which will be removed from Chrome's default root CA list this year.
btw, depending on the use-case EV or OV certificates are necessary. Cause it "transports" another level of trust. It's like a cheap vs. an expensive business card.