Comment We really should rethink web encryption. (Score 1, Interesting) 53
I am not a full-time systems administrator, but I have set up SSL sites before. And if you don't do it all the time, or at least once every 6 months, the process is cumbersome and difficult.
We have the cert agency; otherwise the popular web browsers will create alerts stating how much of a horrible institution you are for not shelling out cash for a key.
Then IIS vs. Apache vs. other browsers have different rules to set up, and sometimes it just doesn't work when you follow the instructions.
It is a process that should be easier to set up.
This difficulty is why organizations may not go that route. They can't risk taking their servers down for a day to get their site secure. If they choose the wrong cert company, they either spend a ton of money or risk getting a company not recognized by the web browser, scaring off users.
Then you have security updates, which may break what you have set up.
I personally think SSL should be enabled by default by the web server; then you send the cert company your key made during the install process. Then they will give you a data set that you add to your configuration to tell the browser to check against that cert location. Then the browser can decide the quality of the cert verifier.