[CentOS] https and self signed

Thu Jun 16 18:50:22 UTC 2016
Walter H. <Walter.H at mathemainzel.info>

On 16.06.2016 20:09, Gordon Messmer wrote:
> On 06/16/2016 10:53 AM, Walter H. wrote:
>> lets encrypt only trusts for 3 months; would you really except in an 
>> onlineshop, someone trusts this shop?
>> let us think something like this: "when the CA only trusts for 3 
>> months, how should I trust for a longer period
>> which is important for warranty ..."
> I doubt that most users check the dates on SSL certificates, unless 
> they are familiar enough with TLS to understand that a shorter 
> validity period is better for security. 
technically there is more: not the user needs to check the dates a SSL 
certificate is valid;

just compare it with real life:  which salesman would you trust more - 
the one that gets a new car every few years,
which has the same advertisings on it and maybe has the same color, or 
the other one that gets nearly every month
a new car, which looks totally different, other color and other 
advertisings on it?
(and its not a car dealer)

the same its with SSL certificates; so you have to find the golden 
middle way, as long as enough without loosing the security
and not too short to prevent not to get trust;