[CentOS] https and self signed
Valeri Galtsev
galtsev at kicp.uchicago.edu
Thu Jun 16 18:12:20 UTC 2016
On Thu, June 16, 2016 12:53 pm, Walter H. wrote:
> On 15.06.2016 16:17, Warren Young wrote:
>> On Jun 15, 2016, at 7:57 AM, ÐлекÑандр
>> Кириллов<nevis2us at infoline.su> wrote:
>>> Nowadays it's quite easy to get normal ssl certificates for free. E.g.
>>>
>>> http://www.startssl.com
>>> http://buy.wosign.com/free
>> Today, I would prefer Let’s Encrypt:
>>
>> https://letsencrypt.org/
>>
>> It is philosophically aligned with the open source software world,
>> rather than act as bait for a company that would prefer to sell you a
>> cert instead.
>>
>> I’m only aware of one case where you absolutely cannot use Let’s
>> Encrypt,
> there is more than one case; just think of trust;
>
> lets encrypt only trusts for 3 months;
Could you elaborate on that?
Thanks.
Valeri
would you really except in an
> onlineshop, someone trusts this shop?
> let us think something like this: "when the CA only trusts for 3 months,
> how should I trust for a longer period
> which is important for warranty ..."
>
>> but it also affects the other public CAs: you can’t get a
>> publicly-trusted cert for a machine without a publicly-recognized and
>> -visible domain name. For that, you still need to use self-signed
>> certs or certs signed by a private CA.
> A private CA is the same as self signed;
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
More information about the CentOS
mailing list