[CentOS] https and self signed
galtsev at kicp.uchicago.edu
Wed Jun 15 16:47:25 UTC 2016
On Wed, June 15, 2016 10:38 am, Warren Young wrote:
> On Jun 15, 2016, at 9:02 AM, Valeri Galtsev <galtsev at kicp.uchicago.edu>
>> I do see WoSign there (though I'd prefer to avoid my US located servers
>> have certificates signed by authority located in China, hence located
>> of behind "the great firewall of China" - call me superstitious).
> Thatâs a perfectly valid concern. The last I heard, modern browsers
> trust 1,100 CAs! Surely some of those CAs have interests that do not
> align with my interests.
>> I do not see neither starttls.com nor letsencrypt.org between
> Thatâs because they are not top-tier CAs.
>> This means (correct me if I'm wrong) that client has to
>> import one of these Certification Authorities certificates
> You must be unaware of certificate chaining:
Sorry, intermediate authorities just slept off my mind somehow (to say
worst: my server certificated _are_ signed by intermediate CA - shame on
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
More information about the CentOS