5 votes

Request to Michael Nystrom

Hello Michael,

Is there anyway possible the DailyPaul could get an ssl cert?

I will contribute as I am sure many others will happily do as well.

Thanks For everything you do.

pros/cons welcome

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Michael Nystrom's picture

Ok, will do

We have one, but it is expired. I'll put it on my list of things to do for the site.

Can someone tell me the procedure? Do I just have to buy something online somewhere?

To be mean is never excusable, but there is some merit in knowing that one is; the most irreparable of vices is to do evil out of stupidity. - C.B.

thank you!

Take note, you don't need a signed cert to get encryption. You can just make a self signed cert. People will just have to hit accept or confirm the self signed cert on their browser when going to https://dailpaul.com. No big deal. The dailypaul and you Michael, I trust more then SSL vendors so if you wanted to make a self signed cert, that would be more then enough for me and most others on here. You are less likely to give up the key to the feds then any of the major SSL vendors. And you don't have to force people to https, people can use non encrypted if they choose to.

You can buy them online. In order to get one, you must have a private key created (with the Daily Paul info, owner, domain, etc). Then you need to create a CSR based on the key. (Certificate signing request). Then send the CSR to a trusted vendor for signing. Comodo, verisgin, there are a bunch of trusted vendors.Many companies that sell ssl certs will also have a web form you can use to create the private key, csr and signed cert right there. So the key and CSR do not need to be created on the hosted server. They can be created on your workstation even. If you have a mac or linux workstation, creating a key and csr is a snap and their are probably hundreds of howtos on the net for this.

The price will vary. Shared cert, and wild card certs are more expensive.

I also wanted to add....although the Dailypail will be encrypted with ssl, the linked and href'd content that are hosted else where would not be encrypted traffic. For example, if someone links to a non encrypted Alex Jones site, the snooping feds will be able to see in plain text any traffic that's generated between the DPer and where the non encrypted Alex JOnes site is hosted. Not saying AJ is insecure, just an example. Used AJ as I am sure he is on their "watch list"

Good points

One more thing for people to consider regarding SSL encryption.

SSL does NOT hide your IP address. Let's say your ISP is ATT which provides Internet access for your house. ATT knows who you are, and they also know which IP address(es) you use when you browse the Internet.

That means if someone (like the govt.) was really interested they could view the data flowing over the Internet, pick out traffic associated with your IP and know every thing you do on the Internet if they got ATT's info. In fact the govt. was shown to be illegally spying on Internet traffic from Americans.

What SSL encryption does is scramble the data sent between your computer and the computer (server) you connect to. So someone snooping would see that you (your IP address) connected to such and such server, but they wouldn't know what data (like passwords, your comments, etc.) was exchanged. They would only know that something was exchanged between the two locations. So, they would still know you were visiting the Daily Paul is the point I'm trying to get across. The only way to alleviate that would be using an anonymous proxy server or connecting from a location/IP address not tied back to you (like Starbucks, McDonalds, etc.).


hosting provider/server administrator can do it for you.

SSL is a piece of code on your server that encrypts the information being sent to and from the server so that to someone viewing the data over the wires it looks like random bits. They don't know what any of it means.

Usually your server admin will create a folder (e.g. named 'secure') on your server that you want to serve encrypted documents from. You then place the files to be encrypted in that folder and point the relevant URL to it, for example secure.dailypaul.com or dailypaul.com/secure/somepage.html. You can also encrypt the entire site which is what I recommend. See the Bitcoin exchange https://mtgox.com for example.

The certificate is less important. It's a long story, but you can self-sign your own certificate to save money (won't look good to browsers though). Using one from a "trustted authority" like Thawte is good for appearances, but that system is broken (again, long story).

ssl cert?

Don't know what it is.
But I give it a big bump.

LL on Twitter: http://twitter.com/LibertyPoet
sometimes LL can suck & sometimes LL rocks!
Love won! Deliverance from Tyranny is on the way! Col. 2:13-15

Trevor Lyman's picture

Secure socket layer

Secure socket layer certificate. It's used for credit card transactions (at least).

Thank you Trev

How are things going in Ecuador?

LL on Twitter: http://twitter.com/LibertyPoet
sometimes LL can suck & sometimes LL rocks!
Love won! Deliverance from Tyranny is on the way! Col. 2:13-15