[CentOS] https and self signed

Wed Jun 15 15:48:46 UTC 2016
Warren Young <wyml at etr-usa.com>

On Jun 15, 2016, at 9:38 AM, Warren Young <wyml at etr-usa.com> wrote:
> 
> On Jun 15, 2016, at 9:02 AM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote:
> 
>> I do not see neither starttls.com nor letsencrypt.org between Authorities
>> certificates.
> 
> That’s because they are not top-tier CAs.

I forgot to mention that letsencrypt.com uses one of its own certificates.  You can use your browser’s certificate detail view to see the chain of trust.  I see two levels here: IdenTrust -> TrustID -> Let’s Encrypt.

As for starttls.com, that doesn’t exist; you’re probably confusing it with the SMTP STARTTLS protocol extension.  What you mean is startssl.com, which is the main public face of StartCom.  StartCom is a top-tier CA.