[CentOS] https and self signed
Walter H.
Walter.H at mathemainzel.info
Fri Jun 17 15:06:33 UTC 2016
On 17.06.2016 16:46, James B. Byrne wrote:
> On Thu, June 16, 2016 13:53, Walter H. wrote:
>> On 15.06.2016 16:17, Warren Young wrote:
>>> but it also affects the other public CAs: you can’t get a
>>> publicly-trusted cert for a machine without a publicly-recognized
>>> and -visible domain name. For that, you still need to use
>>> self-signed certs or certs signed by a private CA.
>>>
>> A private CA is the same as self signed;
>>
> No it is not. A private CA is as trustworthy as the organisation that
> operates it. No more and not one bit less.
>
> We operate a private CA for our domain and have since 2005. We
> maintain a public CRL strictly in accordance with our CPS and have our
> own OID assigned.
for your understanding: every root CA certificate is self signed;
any SSL certificate that was signed by a CA not delivered as built-in
token in a browser is the same as self-signed;
More information about the CentOS
mailing list