[CentOS] https and self signed

Wed Jun 15 15:31:26 UTC 2016
Scott Robbins <scottro11 at gmail.com>

On Wed, Jun 15, 2016 at 10:02:57AM -0500, Valeri Galtsev wrote:
> On Wed, June 15, 2016 9:17 am, Warren Young wrote:
> >>
> >> Nowadays it's quite easy to get normal ssl certificates for free. E.g.
> >
> > Today, I would prefer Let’s Encrypt:
> >
> >   https://letsencrypt.org/
> >
> > It is philosophically aligned with the open source software world, rather
> > than act as bait for a company that would prefer to sell you a cert
> > instead.
> I have got question for experts. I just opened settings of Firefox
> (latest, on FreeBSD), and took a look at the list of Certification
> Authorities it comes with.
> I do see WoSign there (though I'd prefer to avoid my US located servers
> have certificates signed by authority located in China, hence located sort
> of behind "the great firewall of China" - call me superstitious).
> I do not see neither starttls.com nor letsencrypt.org between Authorities
> certificates. 

I'm not an expert by any means, but I use letsencrypt (mostly for testing)
and it's always worked for me in FreeBSD with Firefox, without any special
effort on my part. 
You can try https://srobb.net which is using letsencrypt as its cert.

Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6