[CentOS] https and self signed

Thu Jun 16 18:12:20 UTC 2016
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Thu, June 16, 2016 12:53 pm, Walter H. wrote:
> On 15.06.2016 16:17, Warren Young wrote:
>> On Jun 15, 2016, at 7:57 AM, Александр
>> Кириллов<nevis2us at infoline.su>  wrote:
>>> Nowadays it's quite easy to get normal ssl certificates for free. E.g.
>>> http://www.startssl.com
>>> http://buy.wosign.com/free
>> Today, I would prefer Let’s Encrypt:
>>    https://letsencrypt.org/
>> It is philosophically aligned with the open source software world,
>> rather than act as bait for a company that would prefer to sell you a
>> cert instead.
>> I’m only aware of one case where you absolutely cannot use Let’s
>> Encrypt,
> there is more than one case; just think of trust;
> lets encrypt only trusts for 3 months;

Could you elaborate on that?

> would you really expect in an
> onlineshop, someone trusts this shop?
> let us think something like this: "when the CA only trusts for 3 months,
> how should I trust for a longer period
> which is important for warranty ..."
>>   but it also affects the other public CAs: you can’t get a
>> publicly-trusted cert for a machine without a publicly-recognized and
>> -visible domain name.  For that, you still need to use self-signed
>> certs or certs signed by a private CA.
> A private CA is the same as self signed;

Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247