Simple life, Complicated mind

Sunday, April 20, 2014

Installing Nagios on FreeBSD 10

Installing Nagios on FreeBSD 10

Nagios is a powerful monitoring system that enables organizations to identify and resolve IT infrastructure problems before they affect critical business processes.

the fork of nagios to icinga is a good thing, much in the same way as quagga was a great fork of zebra.

# uname -a
FreeBSD bsd10.local 10.0-RELEASE

Install Apache2.2

Install PHP5.4.27

Install MySQL5.5

Install Nagios:
# cd /usr/ports/net-mgmt/nagios
# make config-recursive
# make config-recursive
# make install

Add the www user to the nagios group:
# pw groupmod nagios -m www
# grep nagios /etc/group
nagios:*:181:www

Enable nagios to start on boot:
# echo 'nagios_enable="YES"' >> /etc/rc.conf

Now copy the sample files to the config files:
# cd /usr/local/etc/nagios/
# cp cgi.cfg-sample cgi.cfg
# cp nagios.cfg-sample nagios.cfg
# cp resource.cfg-sample resource.cfg

Move sample files to a sample folder:
# mkdir -p /usr/local/etc/nagios/sample
# mv /usr/local/etc/nagios/*-sample /usr/local/etc/nagios/sample

Navigate to /usr/local/etc/nagios/objects and do the same:
# cd /usr/local/etc/nagios/objects
# cp commands.cfg-sample commands.cfg
# cp contacts.cfg-sample contacts.cfg
# cp localhost.cfg-sample localhost.cfg
# cp printer.cfg-sample printer.cfg
# cp switch.cfg-sample switch.cfg
# cp templates.cfg-sample templates.cfg
# cp timeperiods.cfg-sample timeperiods.cfg

Move sample files to a sample folder:
# mkdir -p /usr/local/etc/nagios/objects/sample
# mv /usr/local/etc/nagios/objects/*-sample /usr/local/etc/nagios/objects/sample

Note: A sample configuration file for monitoring windows servers can be found at /usr/ports/net-mgmt/nagios/work/nagios-3.2.3/sample-config/template-object/windows.cfg

Now check you nagios configurations errors:
# nagios -v /usr/local/etc/nagios/nagios.cfg

Create a Nagios Admin called "nagiosadmin":
# htpasswd -c /usr/local/etc/nagios/htpasswd.users nagiosadmin

Note: the -c parameter creates the htpasswd file. If htpasswd file already exists, it is rewritten and truncated.

Note: you must call the admin name "nagiosadmin", because it is the default admin name in these configuration file "grep -i 'admin' /usr/local/etc/nagios/*.cfg".

Change permission
# chown root:www /usr/local/etc/nagios/htpasswd.users
# chmod 440 /usr/local/etc/nagios/htpasswd.users

Create a Nagios user called "nagiosuser":
# htpasswd /usr/local/etc/nagios/htpasswd.users nagiosuser

Note: you do not need the -c parameter this time since the htpasswd file already created.

Now add Nagios Setting to your apache configuration:
# vim /usr/local/etc/apache22/Includes/nagios.conf

### [START] nagios
<Directory /usr/local/www/nagios>
  Order deny,allow
  Deny from all
  Allow from 127.0.0.1
  Allow from 192.168.6.112
  php_flag engine on
  php_admin_value open_basedir /usr/local/www/nagios/:/var/spool/nagios/
  AuthName "Nagios Access Ya"
  AuthType Basic
  AuthUSerFile /usr/local/etc/nagios/htpasswd.users
  Require valid-user
</Directory>

<Directory /usr/local/www/nagios/cgi-bin>
  Options ExecCGI
</Directory>

ScriptAlias /nagios/cgi-bin/ /usr/local/www/nagios/cgi-bin/
Alias /nagios/ /usr/local/www/nagios/
### [END] nagios

Restart Apache
# /usr/local/etc/rc.d/apache22 restart

Start Nagios
# /usr/local/etc/rc.d/nagios start

===========================================================
===========================================================

On the Nagios Client, install nrpe2:
# cd /usr/ports/net-mgmt/nrpe
# make config-recursive
# make config-recursive
# make install

Make the Nagios configuration file:
# ls -l /usr/local/etc/nrpe.cfg

If nrpe.cfg does not exist:
# cp /usr/local/etc/nrpe.cfg.sample /usr/local/etc/nrpe.cfg

Change Permission
# chmod 440 /usr/local/etc/nrpe.cfg

On the Nagios Client, add the Nagios Server's IP Address to allowed hosts:
# vi /usr/local/etc/nrpe.cfg
allowed_hosts=127.0.0.1,192.168.13.3

Note: comma separated. No Space in between!

On the Nagios Client, enable nrpe2 to start on boot:
# echo "nrpe2_enable="YES"" >> /etc/rc.conf

On the Nagios Client, start nrpe2:
# /usr/local/etc/rc.d/nrpe2 start

On the Nagios Client, make sure nrpe2 is running:
# ps auxww | grep nrpe
nagios 46166 0.0 0.1 14392 1860 - Is 4:47AM 0:00.00 /usr/local/sbin/nrpe2 -c /usr/local/etc/nrpe.cfg -d

On the Nagios Client, make sure the nrpe2 daemon is running:
# netstat -a | grep 5666
tcp4 0 0 *.5666 *.* LISTEN
tcp6 0 0 *.5666 *.* LISTEN

# sockstat | grep -E 'nagios|nrpe|5666'
nagios nrpe2 99457 3 dgram -> /var/run/logpriv
nagios nrpe2 99457 4 tcp6 *:5666 *:*
nagios nrpe2 99457 5 tcp4 *:5666 *:*

On the Nagios Client, run check_nrpe2 check. You should see the version number on success.
# /usr/local/libexec/nagios/check_nrpe2 -H localhost
NRPE v2.15

On the Nagios Client, you can test some of these by running the following commands:
# /usr/local/libexec/nagios/check_nrpe2 -H localhost -c check_users
# /usr/local/libexec/nagios/check_nrpe2 -H localhost -c check_load
# /usr/local/libexec/nagios/check_nrpe2 -H localhost -c check_hda1
# /usr/local/libexec/nagios/check_nrpe2 -H localhost -c check_sda1
# /usr/local/libexec/nagios/check_nrpe2 -H localhost -c check_total_procs
# /usr/local/libexec/nagios/check_nrpe2 -H localhost -c check_zombie_procs

Note: plugins are stored in /usr/local/libexec/nagios.

At this point, you are done installing and configuring NRPE on the remote host (Nagios Client). Now its time to install a component and make some configuration entries on your monitoring server.

===========================================================
===========================================================

On the Nagios Server, install nrpe2:
# cd /usr/ports/net-mgmt/nrpe
# make install

Make sure the check_nrpe2 plugin can talk to the NRPE daemon on the remote host. Replace "192.168.13.156" in the command below with the IP address of the remote host that has NRPE installed. Run following command on the Nagios Server:
# /usr/local/libexec/nagios/check_nrpe2 -H 192.168.13.156
NRPE v2.15

On the Nagios Server, run following command for testing:
# /usr/local/libexec/nagios/check_nrpe2 -H 192.168.13.156 -c check_total_procs

Use a Browser to check:

http://192.168.1.2/nagios/

===========================================================
===========================================================

We will create a new configuration file for all FreeBSD servers on the LAN.
# vi /usr/local/etc/nagios/objects/lan-freebsd-servers.cfg

###############################################################################
# LOCALHOST.CFG - SAMPLE OBJECT CONFIG FILE FOR MONITORING THIS MACHINE
#
# Last Modified: 03-03-2011
#
# NOTE: This config file is intended to serve as an *extremely* simple
#       example of how you can create configuration entries to monitor
#       the local (FreeBSD) machine.
#
###############################################################################


###############################################################################
###############################################################################
#
# HOST DEFINITION
#
###############################################################################
###############################################################################

# Define a host for the local machine
define host{
        use             freebsd-server  ; Inherit default values from a template
        host_name       test-bsd        ; The name we're giving to this host
        alias           My TEST BSD     ; A longer name associated with the host
        address         192.168.13.156 ; IP address of the host
        }

define host{
        use             freebsd-server  ; Inherit default values from a template
        host_name       dev01           ; The name we're giving to this host
        alias           dev01     ; A longer name associated with the host
        address         192.168.13.157 ; IP address of the host
        }

define host{
        use             freebsd-server  ; Inherit default values from a template
        host_name       web1           ; The name we're giving to this host
        alias           Online Web     ; A longer name associated with the host
        address         192.168.13.242 ; IP address of the host
        }

define host{
        use             freebsd-server  ; Inherit default values from a template
        host_name       bsd-sql        ; The name we're giving to this host
        alias           Online SQL     ; A longer name associated with the host
        address         192.168.13.108 ; IP address of the host
        }

define host{
        use             freebsd-server  ; Inherit default values from a template
        host_name       fw1        ; The name we're giving to this host
        alias           Firewall Server  ; A longer name associated with the host
        address         192.168.13.2 ; IP address of the host
        }

###############################################################################
###############################################################################
#
# SERVICE DEFINITIONS
#
###############################################################################
###############################################################################

# Define a service to "ping" the local machine

define service{
        use                             generic-service         ; Name of service template to use
        host_name                       test-bsd,web1,bsd-sql,fw1,dev01
        service_description             PING
        check_command                   check_ping!100.0,20%!500.0,60%
        }

# Define a service to check SSH on the local machine.
# Disable notifications for this service by default, as not all users may have SSH enabled.

define service{
        use                             generic-service         ; Name of service template to use
        host_name                       test-bsd,web1,bsd-sql
        service_description             SSH
        check_command                   check_ssh
        notifications_enabled           0
        }

# Define a service to check HTTP.
# Disable notifications for this service by default, as not all users may have HTTP enabled.

define service{
        use                             generic-service         ; Name of service template to use
        host_name                       web1
        service_description             HTTP
        check_command                   check_http
        notifications_enabled           0
        }

# Define a service to check the number of currently logged in users.

define service{
        use                             generic-service         ; Name of service template to use
        host_name                       test-bsd,web1,bsd-sql,fw1,dev01
        service_description             Current Users
        check_command                   check_nrpe2!check_users
        }

# Define a service to check the root partition of the disk.

define service{
        use                             generic-service         ; Name of service template to use
        host_name                       localhost,test-bsd,web1,bsd-sql,fw1,dev01
        service_description             / partition
        check_command                   check_nrpe2!check_root
        }

# Define a service to check the /usr partition of the disk.

define service{
        use                             generic-service         ; Name of service template to use
        host_name                       localhost,test-bsd,web1,bsd-sql,fw1,dev01
        service_description             /usr partition
        check_command                   check_nrpe2!check_usr
        }

# Define a service to check the /var partition of the disk.

define service{
        use                             generic-service         ; Name of service template to use
        host_name                       localhost,test-bsd,web1,bsd-sql,fw1,dev01
        service_description             /var partition
        check_command                   check_nrpe2!check_var
        }

# Define a service to check the /tmp partition of the disk.

define service{
        use                             generic-service         ; Name of service template to use
        host_name                       localhost,test-bsd,web1,bsd-sql,fw1,dev01
        service_description             /tmp partition
        check_command                   check_nrpe2!check_tmp
        }

# Define a service to check the load.

define service{
        use                             generic-service         ; Name of service template to use
        host_name                       test-bsd,web1,bsd-sql,fw1,dev01
        service_description             Current Load
        check_command                   check_nrpe2!check_load
        }

# Define a service to check zombie processes.

define service{
        use                             generic-service         ; Name of service template to use
        host_name                       test-bsd,web1,bsd-sql,fw1,dev01
        service_description             Zombie Processes
        check_command                   check_nrpe2!check_zombie_procs
        }

# Define a service to check total processes.

define service{
        use                             generic-service         ; Name of service template to use
        host_name                       test-bsd,web1,bsd-sql,fw1,dev01
        service_description             total Processes
        check_command                   check_nrpe2!check_total_procs
        }

# Define a service to check mysql uptime.

define service{
        use                             generic-service         ; Name of service template to use
        host_name                       bsd-sql
        service_description             MySQL Uptime
        check_command                   check_nrpe2!check_mysql_health_uptime
        }

# Define a service to check mysql slave io running.

define service{
        use                             generic-service         ; Name of service template to use
        host_name                       bsd-sql
        service_description             MySQL Slave IO
        check_command                   check_nrpe2!check_mysql_health_slave-io-running
        }

# Define a service to check mysql slave sql running.

define service{
        use                             generic-service         ; Name of service template to use
        host_name                       bsd-sql
        service_description             MySQL Slave SQL
        check_command                   check_nrpe2!check_mysql_health_slave-sql-running
        }

Note: comma separated. No Space in between!

Add other FreeBSD hosts on the LAN to the host group member list.
# vi /usr/local/etc/nagios/objects/localhost.cfg

define hostgroup{
        hostgroup_name  freebsd-servers ; The name of the hostgroup
        alias           FreeBSD Servers ; Long name of the group
        members         localhost,test-bsd,web1,bsd-sql,fw1 ; Comma separated list of hosts that belong to this group
        }

Remember to add host name to /etc/hosts:
# vi /etc/hosts
192.168.13.156 test-bsd
192.168.13.242 web1
192.168.13.108 bsd-sql
192.168.13.2 fw1

Define check_nrpe2 command in order to allow Nagios Server to run the check_nrpe2 command. Add following lines to commands.cfg:
# vi /usr/local/etc/nagios/objects/commands.cfg

# 'check_nrpe2' command definition
define command{
        command_name check_nrpe2
        command_line $USER1$/check_nrpe2 -H $HOSTADDRESS$ -c $ARG1$
        }

Note: $USERn$ macros are defined in /usr/local/etc/nagios/resource.cfg.

Note: Standard macros that are available in Nagios are listed here http://nagios.sourceforge.net/docs/3_0/macrolist.html .

Add following line to nagios.cfg:
# vi /usr/local/etc/nagios/nagios.cfg
# Definitions for monitoring the freebsd servers on the lan.
cfg_file=/usr/local/etc/nagios/objects/lan-freebsd-servers.cfg

Now check you nagios configurations errors:
# /usr/local/bin/nagios -v /usr/local/etc/nagios/nagios.cfg

Restart nagios if everything was okay:
# /usr/local/etc/rc.d/nagios restart

===========================================================
===========================================================

On the Nagios Client, install check_mysql_health plugin:
# cd /usr/ports/net-mgmt/check_mysql_health
# make install

Note: there is a plugin called "check_mysql" in nagios-plugins-1.4.15_1,1. However, check_mysql_health seems better.

Go to your MySQL server, and grant "no privileges" for a nagios user.
# mysql -u root -p
mysql> GRANT USAGE ON *.* TO 'nagios'@'localhost' IDENTIFIED BY 'nagios';
mysql> FLUSH PRIVILEGES;
mysql> exit

If you want to monitor mysql replication status as well, grant "REPLICATION CLIENT" privileges for a nagios user.
# mysql -u root -p
mysql> GRANT REPLICATION CLIENT ON *.* TO 'nagios'@'localhost' IDENTIFIED BY 'nagios';
mysql> FLUSH PRIVILEGES;
mysql> exit

# mysql -u nagios -p
mysql> show grants;

View check_mysql_health options
# /usr/local/libexec/nagios/check_mysql_health -h

You can test some of these by running the following commands on Nagios Client:
# /usr/local/libexec/nagios/check_mysql_health --hostname localhost --username nagios --password nagios --mode uptime --warning 2 --critical 5

Note: this command above will trigger a WARNING if mysql uptime is greater than 2 minutes; will trigger a CRITICAL if mysql uptime is greater than 5 minutes.

Pleae note, that the thresholds must be specified according to the Nagios plug-in development Guidelines.

10 // means "Alarm, if > 10" (without colon).
90: // means "Alarm, if < 90" (with colon).

On Nagios Client, edit nrpe.cfg:
# vi /usr/local/etc/nrpe.cfg
### MySQL - hardcoded command arugments.
command[check_mysql_health_uptime]=/usr/local/libexec/nagios/check_mysql_health --hostname localhost --username nagios --password nagios --mode uptime
command[check_mysql_health_slave-io-running]=/usr/local/libexec/nagios/check_mysql_health --hostname localhost --username nagios --password nagios --mode slave-io-running
command[check_mysql_health_slave-sql-running]=/usr/local/libexec/nagios/check_mysql_health --hostname localhost --username nagios --password nagios --mode slave-sql-running

On Nagios Client, restart nrpe2:
# /usr/local/etc/rc.d/nrpe2 restart

You can test some of these by running the following commands on Nagios Client:
# /usr/local/libexec/nagios/check_nrpe2 -H localhost -c check_mysql_health_uptime

You can test some of these by running the following commands on Nagios Server:
# /usr/local/libexec/nagios/check_nrpe2 -H 192.168.13.108 -c check_mysql_health_uptime
# /usr/local/libexec/nagios/check_nrpe2 -H 192.168.13.108 -c check_mysql_health_slave-io-running
# /usr/local/libexec/nagios/check_nrpe2 -H 192.168.13.108 -c check_mysql_health_slave-sql-running

Check system message if it did not work.
# tail /var/log/messages

Reference:
http://www.wonkity.com/~wblock/docs/nagios.pdf

http://www.weithenn.org/cgi-bin/wiki.pl?Nagios-%E7%B6%B2%E8%B7%AF%E7%9B%A3%E6%8E%A7%E5%8F%8A%E5%91%8A%E8%AD%A6%E7%B3%BB%E7%B5%B1

http://nagios.sourceforge.net/docs/nrpe/NRPE.pdf

http://nagios.sourceforge.net/docs/3_0/macros.html

Wednesday, April 16, 2014

csh tcsh alias command line argument

# vi ~/.cshrc
alias ee 'echo \!:1 secondArg'

# source ~/.cshrc

# ee firstArg
firstArg secondArg

Alias argument selectors; the ability to define an alias to take arguments supplied to it and apply them to the commands that it refers to. Tcsh is the only shell that provides this feature.

  • \!# - argument selector for all arguments, including the alias/command itself; arguments need not be supplied.
  • \!* - argument selector for all arguments, excluding the alias/command; arguments need not be supplied.
  • \!$ - argument selector for the last argument; argument need not be supplied, but if none is supplied, the alias name is considered to be the last argument.
  • \!^ - argument selector for first argument; argument MUST be supplied.
  • \!:n - argument selector for the nth argument; argument MUST be supplied; n=0 refers to the alias/command name.
  • \!:m-n - argument selector for the arguments from the mth to the nth; arguments MUST be supplied.
  • \!:n-$ - argument selector for the arguments from the nth to the last; at least argument n MUST be supplied.

http://en.wikipedia.org/wiki/Tcsh

To allow the machines behind NAT accessing the public WAN IP address of the router (port forwarding to a internal web server)

To allow the machines behind NAT accessing the public WAN IP address of the router (port forwarding to a internal web server)

Method 1 - On pfSense:
System > Advanced > Firewall / NAT:
 - NAT Reflection mode for port forwards: Enable (Pure NAT)
 - click on "Save" button.

Method 2 - On pfSense:
Firewall > NAT > Port Forward > Edit Rule >:

NAT reflection: Enable (Pure NAT)

Tuesday, April 15, 2014

How to Design a Good API & Why it Matters

Summary
A well-written API can be a great asset to the organization that wrote it and to all that use it. Given the importance of good API design, surprisingly little has been written on the subject. In this talk (recorded at Javapolis), Java library designer Joshua Bloch teaches how to design good APIs, with many examples of what good and bad APIs look like.

http://www.infoq.com/presentations/effective-api-design

MySQL query for Baisc Product Infomration in Magento

SELECT
core_website.name AS siteName
, core_website.code AS siteCode
, core_store_group.name AS storeName
, core_store.code AS storeCode
, catalog_product_entity.entity_id
, catalog_product_entity.entity_type_id
, catalog_product_entity.attribute_set_id
, catalog_product_entity.type_id
, catalog_product_entity.sku
, catalog_product_entity.updated_at
, pname.value AS prodName
, pprice.value AS prodPrice
, pweight.value AS prodWeight
, cataloginventory_stock_status.qty
FROM core_website
INNER JOIN core_store_group ON core_website.website_id = core_store_group.website_id
INNER JOIN core_store ON core_website.website_id = core_store.website_id
INNER JOIN catalog_product_website ON core_website.website_id = catalog_product_website.website_id
INNER JOIN catalog_product_entity ON catalog_product_website.product_id = catalog_product_entity.entity_id
INNER JOIN catalog_product_entity_varchar AS pname ON catalog_product_entity.entity_id = pname.entity_id
INNER JOIN catalog_product_entity_decimal AS pprice ON catalog_product_entity.entity_id = pprice.entity_id
INNER JOIN catalog_product_entity_decimal AS pweight ON catalog_product_entity.entity_id = pweight.entity_id
INNER JOIN cataloginventory_stock_status ON core_website.website_id = cataloginventory_stock_status.website_id AND catalog_product_entity.entity_id = cataloginventory_stock_status.product_id
WHERE
1 = 1

AND core_website.website_id = 1 # 
AND core_store_group.group_id = 1 # US Store
AND core_store.store_id = 1 # English

AND catalog_product_entity.entity_type_id = 4 # Product
AND catalog_product_entity.type_id = 'simple' # Configurable product has no "weight"

### go to eav_attribute table for other attributes
AND pname.attribute_id = 71 # Product Name
AND pprice.attribute_id = 75 # Product Price
AND pweight.attribute_id = 80 # Product Weight

AND cataloginventory_stock_status.stock_id = 1 # Default Stock (Warehouse ?)

ORDER BY catalog_product_entity.sku

Where is weight stored in the database?

Where is weight stored in the database?

Weight is an attribute in Magento's EAV system.

Look at the table eav_attribute. Find the row with attribute code 'weight' and entity_type_id 4. (Entity type 4 means products.) In my table, this is row 64. This means the weight attribute is attribute 64.

Now look at catalog_product_entity_decimal. This is where all decimal attributes for products are stored, and weight is a decimal attribute. All the rows having attribute_id 64 are weight values. The entity_id values correspond to the products.

Reference:
http://www.magentocommerce.com/boards/viewthread/14761

Monday, April 14, 2014

Why is godaddy HTTPS/SSL certification so much cheaper than digicert, thawte, and verisign?

I am a novice on HTTPS/SSL but GoDaddy charges $12.99 and Digicert, thawte, and Verisign charge $100-1000+ for SSL certificates.

I must be missing something on the quality of the encryption or something. Can someone explain some of the basic differences that lead to these dramatically different prices?

Update $12.99 is a sale price. Typically SSL certificates cost $89.99 on GoDaddy. Here's a link on Godaddy which makes the very comparison this question asks about: http://www.godaddy.com/Compare/gdcompare_ssl.aspx?isc=sslqgo002c

Apart from unserious offerings, you can distinguish between cheaper domain-validated SSL certificates and the more expensive extended-validation SSL certificates (EV).

Both certificates are technically the same (the connection is encrypted), but domain-validated certificates are cheaper, because the seller only have to check the domain. The EV-certificates also require information about the owner of the domain, and the seller should check, if this information is correct (more administrative effort).

Normally you can see the difference when you visit the site with a browser. Firefox for example will highlight the domain in blue for domain-validated SSL, and green for extended-validation SSL.

Two examples:

https://accounts.google.com/ (domain-validated)
https://www.postfinance.ch/ (extended-validated)

In most cases the domain-validated certificate is fine, the user will have no disadvantages and the EV-certificates are really (too) expensive.

i just found that GoDaddy doesn't allow to "duplicates" certificate for your wildcards SSL.

That's a pitty since this is often used when you manage a farm of server and each one has its private key / csr.

(to compare, digicert do allow them, and unlimited number of them)

To be quite honest. there is absolutely NO difference when it comes to SSL certificates. The only contributing factor is the EV / non EV / Wildcard tags.

EV == Extended Validation: This means the site is actively " pinged " by the Certificate Authority on the provided IP of the domain, then a server-side script compares the IP address of the ping response from the CA, and the IP address YOU are visiting. This does NOT guarentee that there isn't a man-in-the-middle attack, or net-wide DNS poisoning. This just ensures that the site you are viewing is the same one the CA sees.

Non-EV == no one is actively checking the domain's IP against a logged / provided IP for security purposes.

Wildcard == *.domain.com based Certificates are often used when people have a multitude of subdomains, or a set of subdomains that are ever-changing, but still need valid SSL encryption.

The truth behind SSL Certificates.

You can make your own. They are no less secure than any other certificate. The difference being a " self-signed " certificate is not " vouched for " by any third party.

The problem with SSL Certificates is they are extremely over-priced for what they are. There is absolutely NO garentee that the site you are visiting belongs to whomever is listed on the certificate as owner / location etc. This defeats the purpose of the third-party-trust-chain model SSL was developed to use.

ALL Certificate Authorities known as CA's that sell their certificates, wants the user to believe that their certificate is somehow better. When in fact, they never check the information provided for the certificate unless there is an issue that may cost them revenue. This practice also defeats the purpose of the SSL trust-chain model.

I know of only ONE CA that indeed validates it's certificates. This is CACert.org.

For them to issue a " complete " certificate (business name, name, addres, phone etc..) you must meet one of their assurer's FACE-TO-FACE!.

However. most browsers do not use CACert.org due to pressures added to them by mega corporations like Thawte, Comodo, and Verisign.

So.. to sum it all up.

The only differences between certificates is the behavior of the CA. Certificates can't really be trusted to verify anything other than the connection to the site is useing encryption.

At the end of the day, people think paying $100 - $1000 somehow equates to trustworthiness. This is NOT the case. It just means you deal with less sophisticated or less established crooks.

Reference:
http://webmasters.stackexchange.com/questions/28595/why-is-godaddy-https-ssl-certification-so-much-cheaper-than-digicert-thawte-an