Just FYI
I guess, you could also run your own CA and sign stuff yourself. After all, your RPMs are also self-signed ;-)
From: Rainer Duffner rainer@ultra-secure.de
Just FYI I guess, you could also run your own CA and sign stuff yourself. After all, your RPMs are also self-signed ;-)
But that means the browsers will complain until each user permanently adds
this untrusted certificate manually... which might be no big deal if only a
few ttech savy people are using this sub-domain...
If CentOS is "rich", a wildcard certificate costs around $120/year,
maybe cheaper...
JD
On 8/21/2012 7:39 AM, John Doe wrote:
From: Rainer Duffner rainer@ultra-secure.de
Just FYI I guess, you could also run your own CA and sign stuff yourself. After all, your RPMs are also self-signed ;-)
But that means the browsers will complain until each user permanently adds
this untrusted certificate manually... which might be no big deal if only a
few ttech savy people are using this sub-domain...
If CentOS is "rich", a wildcard certificate costs around $120/year,
maybe cheaper...
Or $0/year at startssl.com...
-Greg
Startssl Wildcards require validation which is (i think) $59,90 per 2 years. Now startssl simple certificates are $0, that's right :-)
Since i am StartCom-validated anyway i'd donate a 2-year SSL wildcard certificate if the person in charge contacts me off-list. All i need i s a CSR to submit and a valid email contact for the centos.org domain...
-----Ursprüngliche Nachricht----- Von: centos-bounces@centos.org [mailto:centos-bounces@centos.org] Im Auftrag von Greg Bailey Gesendet: Dienstag, 21. August 2012 16:48 An: centos@centos.org Betreff: Re: [CentOS] projects.centos.org - certificate has expired
On 8/21/2012 7:39 AM, John Doe wrote:
From: Rainer Duffner rainer@ultra-secure.de
Just FYI I guess, you could also run your own CA and sign stuff yourself. After all, your RPMs are also self-signed ;-)
But that means the browsers will complain until each user permanently adds
this untrusted certificate manually... which might be no big deal if only
a
few ttech savy people are using this sub-domain...
If CentOS is "rich", a wildcard certificate costs around $120/year,
maybe cheaper...
Or $0/year at startssl.com...
-Greg
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On 21/08/2012 15:47, Greg Bailey wrote:
On 8/21/2012 7:39 AM, John Doe wrote:
From: Rainer Duffner rainer@ultra-secure.de
Just FYI I guess, you could also run your own CA and sign stuff yourself. After all, your RPMs are also self-signed ;-)
But that means the browsers will complain until each user permanently adds
this untrusted certificate manually... which might be no big deal if only a
few ttech savy people are using this sub-domain...
If CentOS is "rich", a wildcard certificate costs around $120/year,
maybe cheaper...
Or $0/year at startssl.com...
-Greg
I use startssl.com - and generally it is fine... I have however had a problem. Someone recently sent an email in my name (but not from my email address) asking for my certificate to be revoked to the startssl certmaster. The startssl certmaster went ahead and revoked my certificate, this caused me a fair amount of pain, and obviously there is little cross-verification done against this type of social-engineering attack. I have been told that it is unlikely to happen again (because my account now has red flags all over it), but if you use certificates for anything serious you might want to use an organisation that has enough funding to perform some cross-verification against such attacks..
From: Greg Bailey gbailey@lxpro.com
On 8/21/2012 7:39 AM, John Doe wrote:
From: Rainer Duffner rainer@ultra-secure.de
Just FYI I guess, you could also run your own CA and sign stuff yourself. After all, your RPMs are also self-signed ;-)
But that means the browsers will complain until each user permanently adds this untrusted certificate manually... which might be no big deal if only a few ttech savy people are using this sub-domain... If CentOS is "rich", a wildcard certificate costs around
$120/year, maybe cheaper...
Or $0/year at startssl.com...
"In the Class 1 settings (free), the only possible relationship between StartCom and the subscriber is with individuals" Now, is CentOS more of an individual than a company...?
JD
John Doe wrote:
From: Greg Bailey gbailey@lxpro.com
On 8/21/2012 7:39 AM, John Doe wrote:
From: Rainer Duffner rainer@ultra-secure.de
Just FYI I guess, you could also run your own CA and sign stuff yourself. After all, your RPMs are also self-signed ;-)
But that means the browsers will complain until each user permanently adds this untrusted certificate manually... which might be no big deal if only a few ttech savy people are using this sub-domain... If CentOS is "rich", a wildcard certificate costs around
$120/year, maybe cheaper...
Or $0/year at startssl.com...
"In the Class 1 settings (free), the only possible relationship between StartCom and the subscriber is with individuals" Now, is CentOS more of an individual than a company...?
Silly question: would they *donate* one? Or check out root CA's that use CentOS, and ask? (Sorry, I can't remember whether Trustwave, who I did a short-term contract for in '09, used RHEL or CentOS).
mark
On 08/21/2012 02:37 PM, Rainer Duffner wrote:
Just FYI
I guess, you could also run your own CA and sign stuff yourself. After all, your RPMs are also self-signed ;-)
I'll get this fixed shortly.
-
Giles Coochey -
Greg Bailey -
John Doe -
Karanbir Singh -
m.roth@5-cent.us -
Rainer Duffner -
Thomas Göttgens