>> That is one of the reasons I do not bother since long with public CAs
>> but rather deploy my own, including own OSCP responder.
> May I ask, how you create a CA which is valid for clients without them
> having to install your root cert?
>
> and CA trust in clients. Latter though could be eas
On 2018-07-30 19:45, ѽ҉ᶬḳ℠ wrote:
> That is one of the reasons I do not bother since long with public CAs
> but rather deploy my own, including own OSCP responder.
May I ask, how you create a CA which is valid for clients without them
having to install your root cert?
Cheers,
K. C.
--
regards
That is one of the reasons I do not bother since long with public CAs
but rather deploy my own, including own OSCP responder.
Which has of course has some drawbacks like redundancy, resilience,
bandwidth provision, geographical spread, implementing CA security
standards and CA trust in clients. La
Revocation doesn’t remove the certificates; it just marks them as invalid when
a TLS client bothers to check.
-FG
> On Jul 30, 2018, at 6:45 PM, David Mehler wrote:
>
> Hello,
>
> I have discovered what I believe is the issue after hearing back from
> Aquamail. And that is that android 7 whic
Hello,
I have discovered what I believe is the issue after hearing back from
Aquamail. And that is that android 7 which I'm running 7.0 that is,
only supports up to the p256 ecc curve. This brings up a question to
users of letsencrypt, when you revoke a certificate does it take it
out on the usage
FWIW, it’s relatively straightforward to do this with my Perl ACME
implementation, Net::ACME2.
You’ll get your first certificate order using one key, then request another
certificate with the other key.
-FG
> On Jul 30, 2018, at 1:49 PM, Aki Tuomi wrote:
>
> I don't know how to get both RSA
I don't know how to get both RSA and ECC cert from letsencrypt.
Aki
> On 30 July 2018 at 20:43 David Mehler wrote:
>
>
> Hello,
>
> What acme implementation do you use for your letsencrypt certificates?
> If it's acme.sh how do you get both rsa and ecc certificates? What
> configuration optio
Hello,
What acme implementation do you use for your letsencrypt certificates?
If it's acme.sh how do you get both rsa and ecc certificates? What
configuration options are you using in your configuration of services
to allow access to both rsa and ecc?
Thanks.
Dave.
On 7/30/18, David Mehler wro
Hello,
The client in question is the latest version of AquaMail running on android.
Thanks.
Dave.
On 7/30/18, Aki Tuomi wrote:
> You should, in practice, enable both. This gives best client compability. It
> is possible you have clients that cannot understand ECC certificates? You
> can use ss
You should, in practice, enable both. This gives best client compability. It is
possible you have clients that cannot understand ECC certificates? You can use
ssl_alt_cert to provide RSA cert too.
Aki
> On 30 July 2018 at 20:05 David Mehler wrote:
>
>
> Hi,
>
> Thanks, good news is that wor
Hi,
Thanks, good news is that worked. Bad news is it all looks good which
means I do not know hwhy my remote clients can't get their email,
looked like from the logs it was that.
Would 143 be better or 993 for the external clients?
Thanks.
Dave.
On 7/30/18, Aki Tuomi wrote:
>
>> On 30 July 20
> On 30 July 2018 at 19:16 David Mehler wrote:
>
>
> Hello,
>
> Does dovecot 2.3.x have any issues recognizing or using certificates
> that are ECC and wildcard? I'm trying to switch my letsencrypt
> implementation from acme-client which does not support either of those
> capabilities to acme
Hello,
Does dovecot 2.3.x have any issues recognizing or using certificates
that are ECC and wildcard? I'm trying to switch my letsencrypt
implementation from acme-client which does not support either of those
capabilities to acme.sh which does. Since then external clients
checking their email has
13 matches
Mail list logo