On Wed, June 15, 2016 10:48 am, Warren Young wrote:
On Jun 15, 2016, at 9:38 AM, Warren Young wyml@etr-usa.com wrote:
On Jun 15, 2016, at 9:02 AM, Valeri Galtsev galtsev@kicp.uchicago.edu wrote:
I see neither starttls.com nor letsencrypt.org among the Authorities certificates.
That’s because they are not top-tier CAs.
I forgot to mention that letsencrypt.com uses one of its own certificates. You can use your browser’s certificate detail view to see the chain of trust. I see two levels here: IdenTrust -> TrustID -> Let’s Encrypt.
Thanks, that means no need to install a CA. There is always someone (Thanks, Warren!) who looked deeper into things, and can explain them. The only thing here is: I need to look deeper myself into how the identity of the server is ensured in this case (i.e. whether tier 2, tier 3, ... CAs really do that. But that is a more fundamental thing: basically with that in play, can I still trust that the physical entity owning the server cert is indeed who it claims to be).
As for starttls.com, that doesn’t exist; you’re probably confusing it with the SMTP STARTTLS protocol extension. What you mean is startssl.com, which is the main public face of StartCom. StartCom is a top-tier CA.
I'm sure I did copy and paste, so that should have copied from OP e-mail...
Thanks again, Warren,
Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
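
The chain of trust discussed in this thread (a root in the client's trust store, an intermediate CA, and a server certificate), as an added example that is not part of the original e-mails. It builds a constructed root -> intermediate -> leaf chain with `openssl` and shows that a client trusting only the root accepts the leaf when the intermediate is supplied and rejects it when it is not; all names and file names are placeholders.

```bash
#!/usr/bin/env bash
# Added example: constructed three-level chain (all names are placeholders).
set -eu

# issue <dir> <name> <subject CN> <extension file> <signer name, or "self">
issue() {
  local d=$1 name=$2 cn=$3 ext=$4 signer=$5
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
    -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null
  if [ "$signer" = self ]; then
    # Self-signed certificate: only a root is issued this way.
    openssl x509 -req -in "$d/$name.csr" -signkey "$d/$name.key" -days 2 \
      -extfile "$d/$ext" -out "$d/$name.pem" 2>/dev/null
  else
    openssl x509 -req -in "$d/$name.csr" -CA "$d/$signer.pem" \
      -CAkey "$d/$signer.key" -CAcreateserial -days 2 \
      -extfile "$d/$ext" -out "$d/$name.pem" 2>/dev/null
  fi
}

build_chain() {
  local d=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:www.example.test\n' > "$d/leaf.ext"
  issue "$d" root  "Example Root CA"         ca.ext   self
  issue "$d" inter "Example Intermediate CA" ca.ext   root
  issue "$d" leaf  "www.example.test"        leaf.ext inter
}

# Client trusts only the root; the server sends leaf + intermediate.
verify_with_intermediate() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/inter.pem" "$1/leaf.pem" >/dev/null 2>&1
}

# Same trust store, but the intermediate is not presented.
verify_without_intermediate() {
  openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
}

demo() {
  local d; d=$(mktemp -d)
  build_chain "$d"
  verify_with_intermediate "$d" && echo "root + intermediate: leaf verifies"
  verify_without_intermediate "$d" || echo "root only: leaf does not verify"
  rm -rf "$d"
}
demo
```

The intermediate is passed with `-untrusted` because the client does not need to trust it in advance: it is accepted only because it chains to the root that is already trusted.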