[CentOS] https and self signed

Fri Jun 17 14:27:03 UTC 2016
Александр Кириллов <nevis2us at infoline.su>

Walter H. писал 2016-06-16 22:54:
> On 16.06.2016 21:42, Александр Кириллов wrote:
>>> that is right, but hink of your potential clients, because
>>> wosign has a problem - slow OCSP, ...
>>> because their server infrastucture is located in China, and not the
>>> best bandwidth ...
>>> when validity checks of the used SSL certificate very probable fail,
>>> it is worse than not using SSL ...
>> I don't think OCSP is critical for free certificates suitable for 
>> small businesses and personal sites.
> this is philosophy;
> I'd say when you do it then do it good, else don't do it;

Then OCSP stapling is the way to go but it could be a real PITA to setup 
for the first time and may not be supported by older browsers anyway.