ssl certificate advice

Gregory Nowak greg at romuald.net.eu.org
Thu Oct 22 02:43:46 EDT 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi again everyone.

I wanted to say thanks to all who responded to my query for ideas for,
or against going with cacert. I've decided in the end to generate my
own root cert, and go with that. In the final analysis, most web
browsers accessing my site over ssl would get the same initial result,
whether I had gone with cacert, or not, as of now anyway. I also think
that Zach had summed it up the best when he pointed out that going
with my own root cert meant I had no strings attached, which would not
have been true for a cert issued by cacert. 

Also, thanks to Joseph L., for pointing out that getting a root cert
to be trusted by windows isn't that hard. When I first saw the steps
on cacert's wiki for manually importing a cert, I really only focused
on the number of steps there were, and not so much on what each step
contained. After reading Joseph's message, I had another more careful
look at that wiki entry, and was able to quit lynx, reboot into
windows, and basically import my root cert by feel/memory. I also must
admit that I was leaning towards using my own root cert, but didn't
want to say that in my initial post, so as to not influence whatever
responses I got. I also feel good about my choice, since this isn't
permanent of course, and when cacert gets their root cert into
most/all major browsers, I can always sign up with them then, or even
go commercial down the road.

Thanks again to those who responded, in spite of some fairly recent comments to the
contrary, this list is a great place to be.

Greg


- -- 
web site: http://www.romuald.net.eu.org
gpg public key: http://www.romuald.net.eu.org/pubkey.asc
skype: gregn1
(authorization required, add me to your contacts list first)

- --
Free domains: http://www.eu.org/ or mail dns-manager at EU.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkrf/yIACgkQ7s9z/XlyUyDYMQCgrTygF8ZkR+EPHgoKRADg7LMU
tlIAni3D6psEtVlBp6ows+xaAzLME4oM
=ni36
-----END PGP SIGNATURE-----



More information about the Speakup mailing list