On 2025-02-02 09:58, Dianne Skoll via linux wrote:
> On Fri, 31 Jan 2025 14:37:57 -0500
> Tug Williams via linux <[email protected]> wrote:
>
> > Finally - I don't get why self-signing should be a problem? By all
> > means don't trust some-dodgy-domain.com, but trust that it comes from
> > some-dodgy-domain.com. Paying for a certificate seems about as
> > trustworthy as paying for a checkmark on nee-twitter.
>
> You can get certificates (including wildcard certificates) for free
> from LetsEncrypt. I have a wildcard certificate for *.skoll.ca that I
> use everywhere I need SSL.
For the win. I recently had some help (thanks alp) in getting
LetEncrypt set up on my (very crusty) Debian web server and it is
working great. I also use that cert for smtp so now it appears as a
legit cert to web and mail clients because the cert chain goes back to a
CA that is installed in the client. That way, you don't need to ask
your users to accept a self-published "snake-oil" cert. Unfortunately,
this does involve US-based infra, but it is run by people we trust (EFF
and IESG).
> Regards,
> Dianne.
slainte mhath, RGB
--
Richard Guy Briggs -- ~\ -- ~\ <hpv.tricolour.ca>
<www.TriColour.ca> -- \___ o \@ @ Ride yer bike!
Ottawa, ON, CANADA -- Lo_>__M__\\/\%__\\/\%
Vote! -- <greenparty.ca>_____GTVS6#790__(*)__(*)________(*)(*)_________________
To unsubscribe send a blank message to [email protected]
To get help send a blank message to [email protected]
To visit the archives: https://lists.linux-ottawa.org
