Litech SSL Information

SSL is used extensively by Litech network services to encrypt data traveling over the Internet between client computers and Litech servers. SSL (which stands for Secure Sockets Layer) is a protocol that can provide cryptographic privacy and identity verification for any TCP network protocol. We use it to hide passwords that would otherwise travel over the Internet in cleartext.

There are two separate functions provided by SSL. First, as stated above, it prevents any third parties from eavesdropping on your network connections and obtaining your password. Second, SSL allows servers to present a certificate to verify their authenticity. Each host name that points to a server must have its own certificate. For us, this second feature is actually a drawback of using SSL, because most browsers require certificates to be signed by a so-called certificate authority (CA) before they will accept them as authentic. Certificate authorities charge several hundred dollars a year to sign each certificate, so most non-profit organizations and individuals do not have certificates that are signed by a CA. Unfortunately, commercially-produced mail clients and web browsers will complain loudly when a server presents an unsigned (or self-signed) certificate, and require the user to click through several screens to acknowledge that they realize the certificate is unsigned.

You will experience such complaining from your browser or mail reader when you attempt to connect to a Litech service using SSL. If you want to verify that the certificate you have received is correct, here are our current certificate fingerprints:

mail.litech.org      6C:C6:DB:5F:2D:C8:4E:9F:82:E3:C3:56:B7:AF:C7:BC
secure.litech.org    2A:E2:59:03:C4:71:D7:D8:86:A3:81:B4:35:B6:C1:DE
ldap.litech.org      6A:81:1E:EB:F0:E1:C2:D2:ED:EA:AD:B2:FD:78:EB:37
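A way to check a server's certificate against the fingerprints above from a script instead of a browser dialog, as an added example rather than anything Litech ships: it fetches the leaf certificate without CA validation (a self-signed certificate would otherwise be rejected before it can be inspected), hashes the DER bytes, and compares the result with the pinned value. The 16-byte fingerprints above are taken to be MD5, which is inferred from their length only; the port numbers and the SAMPLE_DER bytes are assumptions made for this example.

```python
import hashlib
import hmac
import socket
import ssl

# Fingerprints copied from the page above (16 bytes each, so MD5 is assumed).
PINNED = {
    "mail.litech.org": "6C:C6:DB:5F:2D:C8:4E:9F:82:E3:C3:56:B7:AF:C7:BC",
    "secure.litech.org": "2A:E2:59:03:C4:71:D7:D8:86:A3:81:B4:35:B6:C1:DE",
    "ldap.litech.org": "6A:81:1E:EB:F0:E1:C2:D2:ED:EA:AD:B2:FD:78:EB:37",
}

# Hex length of a fingerprint tells us which digest produced it.
_ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

# Constructed stand-in for a DER certificate; not a real certificate.
SAMPLE_DER = b"constructed sample bytes standing in for a DER certificate"


def normalize(fp: str) -> str:
    """Strip separators and case so '6c:c6 db' and '6CC6DB' compare equal."""
    return fp.replace(":", "").replace(" ", "").upper()


def algorithm_for(expected: str) -> str:
    """Infer the hash algorithm from a fingerprint's length (16 bytes -> MD5)."""
    try:
        return _ALGO_BY_HEX_LEN[len(normalize(expected))]
    except KeyError:
        raise ValueError("unrecognised fingerprint length") from None


def format_fingerprint(digest: bytes) -> str:
    """Render a raw digest in the colon-separated uppercase form used above."""
    return ":".join(f"{b:02X}" for b in digest)


def fingerprint(der_cert: bytes, algorithm: str = "md5") -> str:
    """Fingerprint of a DER-encoded certificate with the given hash."""
    return format_fingerprint(hashlib.new(algorithm, der_cert).digest())


def fingerprint_matches(der_cert: bytes, expected: str) -> bool:
    """Compare the certificate's fingerprint to the pinned value in constant time."""
    actual = normalize(fingerprint(der_cert, algorithm_for(expected)))
    return hmac.compare_digest(actual, normalize(expected))


def fetch_server_cert(host: str, port: int) -> bytes:
    """Retrieve the server's leaf certificate (DER) without CA validation.
    Nothing is sent on the connection; trust is decided by the fingerprint check."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def verify_pinned(host: str, port: int = 443) -> bool:
    """True only if the live certificate matches the fingerprint pinned for host."""
    return fingerprint_matches(fetch_server_cert(host, port), PINNED[host])
```

A mismatch does not tell you which side is wrong: the server may have been re-keyed, or the connection may be intercepted, so treat it as a reason not to send your password until the new fingerprint is confirmed out of band.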

There will probably be a way of saving a server certificate with your client so that you won't be prompted again. In Netscape, the option is "Accept this certificate forever (until it expires)". Other clients will have a similar option to prevent the dialog from being displayed in the future.


Last modified 5-17-2002 by lutchann.