[CentOS] https and self signed

Wed Jun 15 16:55:32 UTC 2016
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Wed, June 15, 2016 10:31 am, Scott Robbins wrote:
> On Wed, Jun 15, 2016 at 10:02:57AM -0500, Valeri Galtsev wrote:
>> On Wed, June 15, 2016 9:17 am, Warren Young wrote:
>> >>
>> >> Nowadays it's quite easy to get normal ssl certificates for free. E.g.
>> >
>> > Today, I would prefer Let’s Encrypt:
>> >
>> >   https://letsencrypt.org/
>> >
>> > It is philosophically aligned with the open source software world,
>> > rather than act as bait for a company that would prefer to sell you a
>> > cert instead.
>>
>> I have got a question for experts. I just opened the settings of Firefox
>> (latest, on FreeBSD), and took a look at the list of Certification
>> Authorities it comes with.
>> I do see WoSign there (though I'd prefer to avoid having my US located
>> servers have certificates signed by an authority located in China, hence
>> located sort of behind "the great firewall of China" - call me
>> superstitious).
>> I see neither starttls.com nor letsencrypt.org among the Authorities'
>> certificates.
> I'm not an expert by any means, but I use letsencrypt (mostly for testing)
> and it's always worked for me in FreeBSD with Firefox, without any special
> effort on my part.
> You can try https://srobb.net which is using letsencrypt as its cert.

Thanks, Scott, I made a note, and will use it if there is ever a need
(now I get certs signed through an institutional channel by an intermediate
authority as well!). Intermediate CAs somehow slipped my mind today (I
probably missed my morning coffee ;-)


Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247