Important: Please read
SSLGate makes use of certain freely available versions of the Openssl libraries.
During developement, libraries were downloaded from a European site for the
Apache-Modssl project. The unmodifed libraries must exist in the same directory
as the SSLGate executable.
For the time being, TCP Data will include these libraries with its intallation
package. Should any legitimate objections arise with regard to issues of
propriety or US export restrictions, we may be forced to cease the practice.
In this case, prospective customers will be given a list of addresses of
20-30 sites around the world from which these 2 libraries (dll's) can be
downloaded. The procedure, in this case, would be to simply download a zip
file into your system32 directory and unzip it.
Certificate sharing is a standard industry practice for web hosting
providers. Most of the major trusted certificate authorities have license
arrangements that allow certificate sharing. TCP Data does not endorse,
nor take responsibility for, violation of these licenses. Compliance is the
sole responsibility of the licensee of these certificates.
Obtaining a 15-day trial
SSLGate is licensed to a domain (just like trusted authority certs). It will
be shipped with one of our own certificates for the domain you specify. It
will be possible to run the demo with a certificate other than the one we
include, provided it is in the proper format (PEM file with private key
included). Please email our product support department for help with conversion
from other formats.
For example, assuming the prospective customer is running IIS 5.0, he might
decide to run the demo on a different port, say 444. This would not interfere
with existing operations. Provided he has a trusted cert with the 'private
key exportable' option, he can export his cert/private key to a pfx file
and convert to pem format. Contact product support for details.
Permanent Licensing
A permanent license is currently available at the introductory price of $499.
We accept payment in form of company checks on US banks, cashier's checks
on US banks, or money order (US or international). A 10% 'cash' discount
is applicable for cashier's checks and money orders. This is offered mainly
for international customers to offset the additional costs of obtaining an
international money order. This discount is extended to include US customers.
Special note on dealing with Trusted Certificate Authorities
Ordering a certificate for SSLGate is not something the TCA's will understand.
Strictly speaking, SSLGate is not even a server. Some TCA's will make
requirements as to the server for which the certificate is ordered. In these
cases, running Apache and IIS from the same domain requires 2 separate
certificates. Its best to 'shop around' among the TCA's on these issues.
Taking a certificate issued to an IIS server(s), putting it into SSLGate,
then forwarding requests to the same server(s) would not be a violation of
the license.
Tools are freely available to convert the certificates among the different
formats. It's best to order the certificate for a particular server and assure
you obtain it in a convertable format. All formats for Apache are, to our
knowledge, interconvertible to formats compatible with SSLGate and IIS.
In the case of IIS 5.0 there is a 'gotcha' you must be aware of even if you
don't plan to use the certificate with SSLGate. Intalling a certificate with
a 'non-exportable private key' is a GIANT mistake. Not only can you not export
to an interconverable pfx format, you cannot even back up the key. In the
event of a disk crash, or other catastrophe, you must get a new certificate!
Do not install certificates for IIS 5.0 that don't have an exportable
private key!
If the IIS 5.0 cert has an exportable private key, you can export the cert/key
pair into the portable pfx format. Conversion to PEM, used by Apache/SSLGate,
is a simple, one-step process.
There is a great deal of information on IIS certificates on the Thawte site
(www.thawte.com). They make the point, in their IIS faq, of the importance
of exportable private keys for backup purposes. We cannot guarantee that
they 'practice what they preach', but from the material on their site they
would seem to be a sympathetic TCA on this issue.
We, at TCP Data, provide help/information to our customers on procedures
involved with certificate backup and conversion. As a matter of company policy,
we make no attempt to quiz or interogate our customers on the particulars
of their licensing agreements for any particular certificate. These issues
are the responsibility/liability of the customer.
There are many discount certificate authorities. The certificates usually
furnish the same level of security as the more expensive counterparts, but
aren't recognized by as many browsers. Downloading and installing both Netscape
and Internet Explorer, including some older versions, will enable you to
test the compatibility claims of these authorities. The worst that can happen
is that the browser won't automatically recognize the cert and the user will
be shown a screen of the type shown for TCP Data certs on the SSLGate/technical
page of this site.
Certificate Authorities
-
Thawte Consulting, at http://www.thawte.com
-
CertiSign Certificadora Digital Ltda., at http://www.certisign.com.br
-
IKS GmbH, at http://www.iks-jena.de/produkte/ca/
-
BelSign NV/SA, at http://www.belsign.be
-
Verisign, Inc. at http://www.verisign.com
-
TC TrustCenter (Germany) at http://www.trustcenter.de
-
NLsign B.V. at http://www.nlsign.nl
-
Deutsches Forschungsnetz at http://www.pca.dfn.de/dfnpca/certify/ssl/
-
128i Ltd. (New Zealand) at http://www.128i.com
-
Entrust.net Ltd. at http://www.entrust.net/products/index.htm
-
Equifax Inc. at http://www.equifaxsecure.com
-
GlobalSign NV/SA at http://www.GlobalSign.net
-
NetLock Kft. (Hungary) at http://www.netlock.net
-
Certplus SA (France) at http://www.certplus.com
-
InstantSSL (inexpensive 'chained' certs) http://www.instantssl.com
|
