diff options
Diffstat (limited to 'zarb-ml/mageia-sysadm/2011-February/002652.html')
| -rw-r--r-- | zarb-ml/mageia-sysadm/2011-February/002652.html | 119 |
1 files changed, 119 insertions, 0 deletions
diff --git a/zarb-ml/mageia-sysadm/2011-February/002652.html b/zarb-ml/mageia-sysadm/2011-February/002652.html new file mode 100644 index 000000000..af49545e5 --- /dev/null +++ b/zarb-ml/mageia-sysadm/2011-February/002652.html @@ -0,0 +1,119 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-sysadm] SSL certificate + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20SSL%20certificate&In-Reply-To=%3C1297267115.14654.139.camel%40akroma.ephaone.org%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="002649.html"> + <LINK REL="Next" HREF="002654.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-sysadm] SSL certificate</H1> + <B>Michael Scherer</B> + <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20SSL%20certificate&In-Reply-To=%3C1297267115.14654.139.camel%40akroma.ephaone.org%3E" + TITLE="[Mageia-sysadm] SSL certificate">misc at zarb.org + </A><BR> + <I>Wed Feb 9 16:58:35 CET 2011</I> + <P><UL> + <LI>Previous message: <A HREF="002649.html">[Mageia-sysadm] SSL certificate +</A></li> + <LI>Next message: <A HREF="002654.html">[Mageia-sysadm] SSL certificate +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#2652">[ date ]</a> + <a href="thread.html#2652">[ thread ]</a> + <a href="subject.html#2652">[ subject ]</a> + <a href="author.html#2652">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Le mercredi 09 février 2011 à 15:36 +0100, Romain d'Alverny a écrit : +><i> On Wed, Feb 9, 2011 at 15:22, Michael Scherer <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">misc at zarb.org</A>> wrote: +</I>><i> > Another issue we had with rapidssl was for foo.barr.domain when the +</I>><i> > certificate was *.domain. That's something we need to check and to test +</I>><i> > for sure. +</I>><i> +</I>><i> AFAIK, that is the case for all wildcards that only work on a single +</I>><i> subdomain level, no? +</I> +Given the price of a wildcard cert, we didn't check others providers +when we faced the issue at my work. But that's something to look for +IMHO. + +Ie, be sure to keep only single level url. + +><i> >> For other solutions, Cacert is not an option so far. +</I>><i> > +</I>><i> > Why ? Wobo and Pascal are both assurers, IIRC, as is rapsys. +</I>><i> +</I>><i> For the single reason it is not recognized by Firefox: +</I>><i> * <A HREF="https://bugzilla.mozilla.org/show_bug.cgi?id=215243">https://bugzilla.mozilla.org/show_bug.cgi?id=215243</A> +</I>><i> * <A HREF="http://wiki.cacert.org/InclusionStatus">http://wiki.cacert.org/InclusionStatus</A> +</I>><i> +</I>><i> Or my understanding of the issue at stake is wrong? +</I> +I may be wrong, but can't we have more than one certificate, ie, to have +the website certified by gandi and by cacert ? + +I have asked the details on some irc channel, but it was not clear about +what we can achieve in this regard. + +This way, we have a certificate that work in cacert, and we also benefit +from the reputation of using something less commercial ( not that I +think gandi does a bad job, and also i do not say because I know the guy +there, but the whole centralisation around x509 is bad, so we should try +to find a better if this is not detrimental ). + +Another possible complementary approach would be to look at the monkey +sphere project ( <A HREF="http://web.monkeysphere.info/why/">http://web.monkeysphere.info/why/</A> ) ( at least for the +openssh part ), but that's for sure not a solution to the problem of +regular people who are scared by the firefox dialog. + +-- +Michael Scherer + +</PRE> + + + + + + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="002649.html">[Mageia-sysadm] SSL certificate +</A></li> + <LI>Next message: <A HREF="002654.html">[Mageia-sysadm] SSL certificate +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#2652">[ date ]</a> + <a href="thread.html#2652">[ thread ]</a> + <a href="subject.html#2652">[ subject ]</a> + <a href="author.html#2652">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm +mailing list</a><br> +</body></html> |