diff options
| author | Nicolas Vigier <boklm@mageia.org> | 2013-04-14 13:46:12 +0000 |
|---|---|---|
| committer | Nicolas Vigier <boklm@mageia.org> | 2013-04-14 13:46:12 +0000 |
| commit | 1be510f9529cb082f802408b472a77d074b394c0 (patch) | |
| tree | b175f9d5fcb107576dabc768e7bd04d4a3e491a0 /zarb-ml/mageia-sysadm/2011-February/002648.html | |
| parent | fa5098cf210b23ab4f419913e28af7b1b07dafb2 (diff) | |
| download | archives-master.tar archives-master.tar.gz archives-master.tar.bz2 archives-master.tar.xz archives-master.zip | |
Diffstat (limited to 'zarb-ml/mageia-sysadm/2011-February/002648.html')
| -rw-r--r-- | zarb-ml/mageia-sysadm/2011-February/002648.html | 118 |
1 files changed, 118 insertions, 0 deletions
diff --git a/zarb-ml/mageia-sysadm/2011-February/002648.html b/zarb-ml/mageia-sysadm/2011-February/002648.html new file mode 100644 index 000000000..3028397df --- /dev/null +++ b/zarb-ml/mageia-sysadm/2011-February/002648.html @@ -0,0 +1,118 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-sysadm] SSL certificate + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20SSL%20certificate&In-Reply-To=%3C1297261340.14654.124.camel%40akroma.ephaone.org%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="002645.html"> + <LINK REL="Next" HREF="002649.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-sysadm] SSL certificate</H1> + <B>Michael Scherer</B> + <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20SSL%20certificate&In-Reply-To=%3C1297261340.14654.124.camel%40akroma.ephaone.org%3E" + TITLE="[Mageia-sysadm] SSL certificate">misc at zarb.org + </A><BR> + <I>Wed Feb 9 15:22:20 CET 2011</I> + <P><UL> + <LI>Previous message: <A HREF="002645.html">[Mageia-sysadm] SSL certificate +</A></li> + <LI>Next message: <A HREF="002649.html">[Mageia-sysadm] SSL certificate +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#2648">[ date ]</a> + <a href="thread.html#2648">[ thread ]</a> + <a href="subject.html#2648">[ subject ]</a> + <a href="author.html#2648">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Le mercredi 09 février 2011 à 13:41 +0100, Romain d'Alverny a écrit : +><i> Hi there, +</I>><i> +</I>><i> reminding previous discussion about that. Misc built +</I>><i> <A HREF="http://www.mageia.org/wiki/doku.php?id=web:certificates">http://www.mageia.org/wiki/doku.php?id=web:certificates</A> . +</I>><i> +</I>><i> I'd propose we go for Gandi for the following reasons: +</I>><i> * mageia.org domain is there already +</I>><i> * provides wildcard (120 € a year with their Standard, or 265 with +</I>><i> their Pro offer - <A HREF="https://www.gandi.net/ssl/compare">https://www.gandi.net/ssl/compare</A> ) +</I>><i> * you can get refund within 30 days if you have a pb +</I>><i> * accepts not-for-profits (no verification for Standard offer, +</I>><i> requires papers for Pro offer) +</I>><i> * we can pay from France +</I>><i> * it's a decent one, regarding others' prices from the list +</I>><i> * Gandi is a good player AFAIK and reputation seems good to me +</I>><i> +</I>><i> Disclosure: I do know people there and I do use it; that's in part why +</I>><i> I bother to recommand this solution. +</I>><i> +</I>><i> Misc, could you elaborate on the security record thing? +</I>><i> (<A HREF="http://www.win.tue.nl/hashclash/rogue-ca/">http://www.win.tue.nl/hashclash/rogue-ca/</A> ). +</I> +Well, not much besides that the rapidssl root certificate caused +troubles to the whole world PKI infrastructure ( ie, they were too lax +regarding their infrastructure ). But X509 is kinda crappy, as I said +several time :) + +The risk would have been to have the root certificate to be removed from +browser for various reasons. ( ie, not better than a self signed +certificate ). + +Another issue we had with rapidssl was for foo.barr.domain when the +certificate was *.domain. That's something we need to check and to test +for sure. + +><i> For other solutions, Cacert is not an option so far. +</I> +Why ? Wobo and Pascal are both assurers, IIRC, as is rapsys. + +-- +Michael Scherer + +</PRE> + + + + + + + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="002645.html">[Mageia-sysadm] SSL certificate +</A></li> + <LI>Next message: <A HREF="002649.html">[Mageia-sysadm] SSL certificate +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#2648">[ date ]</a> + <a href="thread.html#2648">[ thread ]</a> + <a href="subject.html#2648">[ subject ]</a> + <a href="author.html#2648">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm +mailing list</a><br> +</body></html> |