[CentOS] https and self signed

Fri Jun 17 15:06:33 UTC 2016
Walter H. <Walter.H at mathemainzel.info>

On 17.06.2016 16:46, James B. Byrne wrote:
> On Thu, June 16, 2016 13:53, Walter H. wrote:
>> On 15.06.2016 16:17, Warren Young wrote:
>>>   but it also affects the other public CAs: you can’t get a
>>> publicly-trusted cert for a machine without a publicly-recognized
>>> and -visible domain name.  For that, you still need to use
>>> self-signed certs or certs signed by a private CA.
>> A private CA is the same as self signed;
> No it is not.  A private CA is as trustworthy as the organisation that
> operates it.  No more and not one bit less.
> We operate a private CA for our domain and have since 2005.  We
> maintain a public CRL strictly in accordance with our CPS and have our
> own OID assigned.
for your understanding: every root CA certificate is self signed;
any SSL certificate that was signed by a CA not delivered as built-in 
token in a browser is the same as self-signed;