[Mageia-sysadm] SSL certificate

Wed Feb 9 17:15:06 CET 2011

On Wed, Feb 9, 2011 at 16:58, Michael Scherer <misc at zarb.org> wrote:
+> Le mercredi 09 février 2011 à 15:36 +0100, Romain d'Alverny a écrit :
+> Given the price of a wildcard cert, we didn't check others providers
+> when we faced the issue at my work. But that's something to look for
+> IMHO.
+>
+> Ie, be sure to keep only single level url.
+
+Yes.
+
+>> >> For other solutions, Cacert is not an option so far.
+>> >
+>> > Why ? Wobo and Pascal are both assurers, IIRC, as is rapsys.
+>>
+>> For the single reason it is not recognized by Firefox:
+>>  * https://bugzilla.mozilla.org/show_bug.cgi?id=215243
+>>  * http://wiki.cacert.org/InclusionStatus
+>>
+>> Or my understanding of the issue at stake is wrong?
+>
+> I may be wrong, but can't we have more than one certificate, ie, to have
+> the website certified by gandi and by cacert ?
+
+No idea.
+
+> This way, we have a certificate that work in cacert, and we also benefit
+> from the reputation of using something less commercial [...]
+
+I don't see a benefit in this. It's really only a matter of getting a
+basic significant infrastructure bit in place, from my POV.
+
+> Another possible complementary approach would be to look at the monkey
+> sphere project  ( http://web.monkeysphere.info/why/ ) ( at least for the
+> openssh part ), but that's for sure not a solution to the problem of
+> regular people who are scared by the firefox dialog.
+
+That's interesting stuff, but indeed; here we are looking to the issue
+to have the SSL certificate be recognized by major vendors. At least
+for the most public sites (www if needed, identity, bugzilla, ml,
+wiki, etc.).
+
+Romain
+