[CentOS] https and self signed

Thu Jun 16 17:53:08 UTC 2016
Walter H. <Walter.H at mathemainzel.info>

On 15.06.2016 16:17, Warren Young wrote:
> On Jun 15, 2016, at 7:57 AM, Александр Кириллов<nevis2us at infoline.su>  wrote:
>> Nowadays it's quite easy to get normal ssl certificates for free. E.g.
>> http://www.startssl.com
>> http://buy.wosign.com/free
> Today, I would prefer Let’s Encrypt:
>    https://letsencrypt.org/
> It is philosophically aligned with the open source software world, rather than act as bait for a company that would prefer to sell you a cert instead.
> I’m only aware of one case where you absolutely cannot use Let’s Encrypt,
there is more than one case; just think of trust;

lets encrypt only trusts for 3 months; would you really except in an 
onlineshop, someone trusts this shop?
let us think something like this: "when the CA only trusts for 3 months, 
how should I trust for a longer period
which is important for warranty ..."

>   but it also affects the other public CAs: you can’t get a publicly-trusted cert for a machine without a publicly-recognized and -visible domain name.  For that, you still need to use self-signed certs or certs signed by a private CA.
A private CA is the same as self signed;