[CentOS] https and self signed

Wed Jun 15 15:18:49 UTC 2016
David Nelson <david at davidnelson.net>

On Jun 15, 2016, at 8:02 AM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote:
> I see neither starttls.com <http://starttls.com/> nor letsencrypt.org <http://letsencrypt.org/> among Authorities
> certificates. This means (correct me if I'm wrong) that client has to
> import one of these Certification Authorities certificates, otherwise
> server certificate signed by one of these authorities is on the same page
> with my private Certification Authority (which I used to run for over 10
> years, then in my kickstart I had my CA certificate imported into CA of
> clients - but other clients, like laptops had to download, install and
> trust my CA certificate). Of course, this is a notch better than
> "self-signed" server certificates, as you only need to import CA
> certificate once, whereas you will need to import self-signed server
> certificates for each of the servers...

For my personal needs I use free StartSSL certs and the authority appears as StartCom, Ltd. in Firefox.

In my experience it is already a trusted authority in most/all browsers. At least I didn’t have to manually trust it, and I haven’t run into one that complains about it.