[Mageia-sysadm] SSL certificate

Romain d'Alverny rdalverny at gmail.com
Wed Feb 9 17:15:06 CET 2011


On Wed, Feb 9, 2011 at 16:58, Michael Scherer <misc at zarb.org> wrote:
> On Wednesday 09 February 2011 at 15:36 +0100, Romain d'Alverny wrote:
> Given the price of a wildcard cert, we didn't check other providers
> when we faced the issue at my work. But that's something to look for
> IMHO.
>
> I.e., be sure to keep only single-level URLs.

Yes.

>> >> For other solutions, Cacert is not an option so far.
>> >
>> > Why? Wobo and Pascal are both assurers, IIRC, as is rapsys.
>>
>> For the single reason it is not recognized by Firefox:
>>  * https://bugzilla.mozilla.org/show_bug.cgi?id=215243
>>  * http://wiki.cacert.org/InclusionStatus
>>
>> Or my understanding of the issue at stake is wrong?
>
> I may be wrong, but can't we have more than one certificate, i.e., to have
> the website certified by Gandi and by CAcert?

No idea.

> This way, we have a certificate that works in CAcert, and we also benefit
> from the reputation of using something less commercial [...]

I don't see a benefit in this. It's really only a matter of getting a
basic significant infrastructure bit in place, from my POV.

> Another possible complementary approach would be to look at the
> Monkeysphere project (http://web.monkeysphere.info/why/) (at least for the
> OpenSSH part), but that's for sure not a solution to the problem of
> regular people who are scared by the Firefox dialog.

That's interesting stuff, but indeed, here we are looking at the issue
of having the SSL certificate be recognized by major vendors. At least
for the most public sites (www if needed, identity, bugzilla, ml,
wiki, etc.).

Romain

