Eddy Nigg wrote:
Also interesting choice of the CA, even though I realized
that you happen to change your server cert quite frequently ;-)
Well, the price was a factor :-) However what I found even more
important was support for SubjAltName and the ability to get a
certificate for both
Frank Hecker:
Note in that regard that the StartCom interface is actually not as
flexible as I'd like. It forced me to specify www.hecker.org as the CN
and hecker.org as a SAN, when I would have preferred it the other way
around, since hecker.org is now the canonical site name.
There are
Eddy Nigg (StartCom Ltd.) wrote:
Eddy Nigg (StartCom Ltd.):
Frank Hecker:
I tried out my own site on it, and got a C.
LOL, I got a A 80 :-)
Actually it doesn't honor SAN DNS extension...but it's a cute utility.
Reached a A 82 as well, just need to use the CN value of the certificate.
Frank Hecker:
After regenerating the server private key (using a 2048-bit modulus),
getting a new certificate (from StartCom), and changing the server
ciphersuites, I managed to get a score of 84 (A), which matches the
highest scores reported for other sites:
Well done! Also interesting
Frank Hecker:
I tried out my own site on it, and got a C.
LOL, I got a A 80 :-)
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
Mohamad Badra
CNRS - LIMOS Laboratory
Eddy Nigg (StartCom Ltd.) a écrit :
Frank Hecker:
I tried out my own site on it, and got a C.
I think you deserve better than Addy if you enable EDH based ciphersuites :)
LOL, I got a A 80 :-)
Bravo, better than Microsoft:)
Best regards,
Badra
6 matches
Mail list logo
