<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
 <HEAD>
   <TITLE> [Mageia-sysadm] SSL certificate
   </TITLE>
   <LINK REL="Index" HREF="index.html" >
   <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20SSL%20certificate&In-Reply-To=%3C1297267115.14654.139.camel%40akroma.ephaone.org%3E">
   <META NAME="robots" CONTENT="index,nofollow">
   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
   <LINK REL="Previous"  HREF="002649.html">
   <LINK REL="Next"  HREF="002654.html">
 </HEAD>
 <BODY BGCOLOR="#ffffff">
   <H1>[Mageia-sysadm] SSL certificate</H1>
    <B>Michael Scherer</B> 
    <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20SSL%20certificate&In-Reply-To=%3C1297267115.14654.139.camel%40akroma.ephaone.org%3E"
       TITLE="[Mageia-sysadm] SSL certificate">misc at zarb.org
       </A><BR>
    <I>Wed Feb  9 16:58:35 CET 2011</I>
    <P><UL>
        <LI>Previous message: <A HREF="002649.html">[Mageia-sysadm] SSL certificate
</A></li>
        <LI>Next message: <A HREF="002654.html">[Mageia-sysadm] SSL certificate
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#2652">[ date ]</a>
              <a href="thread.html#2652">[ thread ]</a>
              <a href="subject.html#2652">[ subject ]</a>
              <a href="author.html#2652">[ author ]</a>
         </LI>
       </UL>
    <HR>  
<!--beginarticle-->
<PRE>On Wednesday 09 February 2011 at 15:36 +0100, Romain d'Alverny wrote:
&gt;<i> On Wed, Feb 9, 2011 at 15:22, Michael Scherer &lt;<A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">misc at zarb.org</A>&gt; wrote:
</I>&gt;<i> &gt; Another issue we had with rapidssl was for foo.barr.domain when the
</I>&gt;<i> &gt; certificate was *.domain. That's something we need to check and to test
</I>&gt;<i> &gt; for sure.
</I>&gt;<i> 
</I>&gt;<i> AFAIK, that is the case for all wildcards that only work on a single
</I>&gt;<i> subdomain level, no?
</I>
Given the price of a wildcard cert, we didn't check other providers
when we faced the issue at my work. But that's something to look for
IMHO. 

I.e., be sure to keep only single-level URLs.

&gt;<i> &gt;&gt; For other solutions, Cacert is not an option so far.
</I>&gt;<i> &gt;
</I>&gt;<i> &gt; Why ? Wobo and Pascal are both assurers, IIRC, as is rapsys.
</I>&gt;<i> 
</I>&gt;<i> For the single reason it is not recognized by Firefox:
</I>&gt;<i>  * <A HREF="https://bugzilla.mozilla.org/show_bug.cgi?id=215243">https://bugzilla.mozilla.org/show_bug.cgi?id=215243</A>
</I>&gt;<i>  * <A HREF="http://wiki.cacert.org/InclusionStatus">http://wiki.cacert.org/InclusionStatus</A>
</I>&gt;<i> 
</I>&gt;<i> Or my understanding of the issue at stake is wrong?
</I>
I may be wrong, but can't we have more than one certificate, i.e., to have
the website certified by gandi and by cacert ? 

I have asked the details on some IRC channel, but it was not clear about
what we can achieve in this regard.

This way, we have a certificate that works in cacert, and we also benefit
from the reputation of using something less commercial ( not that I
think gandi does a bad job, and also I do not say because I know the guy
there, but the whole centralisation around x509 is bad, so we should try
to find a better one if this is not detrimental ).

Another possible complementary approach would be to look at the
Monkeysphere project  ( <A HREF="http://web.monkeysphere.info/why/">http://web.monkeysphere.info/why/</A> ) ( at least for the
OpenSSH part ), but that's for sure not a solution to the problem of
regular people who are scared by the Firefox dialog.

-- 
Michael Scherer

</PRE>
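<P>Added example, not part of the original message or of any Mageia tooling: the thread's point that a *.domain certificate covers only one subdomain level, written as a check of a planned host list against a certificate's names. The example.org names and both function names are constructed for illustration.</P>
<PRE>
```python
# Added example: which planned hostnames does a wildcard certificate cover?
# All names below (example.org and its subdomains) are constructed samples.


def wildcard_matches(cert_name, hostname):
    """Return True if one certificate name covers one hostname.

    The wildcard is honoured only as the complete left-most label and
    stands for exactly one label, so "*.example.org" covers
    "www.example.org" but not "svn.dev.example.org" or "example.org".
    """
    c_labels = cert_name.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # Empty labels (".example.org", "") are never valid hostnames.
    if "" in h_labels or len(c_labels) != len(h_labels):
        return False
    if c_labels[0] == "*":
        # Skip the wildcard label; every remaining label must be identical.
        return c_labels[1:] == h_labels[1:]
    # No wildcard (or a "*" anywhere else): plain case-insensitive equality.
    return c_labels == h_labels


def uncovered_hosts(cert_names, hostnames):
    """Return the hostnames that none of the certificate names cover."""
    return [
        host for host in hostnames
        if not any(wildcard_matches(name, host) for name in cert_names)
    ]


# Constructed certificate names, as they would appear in subjectAltName.
CERT_NAMES = ["*.example.org", "example.org"]

# Constructed list of hosts someone plans to serve with that certificate.
PLANNED_HOSTS = [
    "www.example.org",
    "example.org",
    "WWW.Example.org.",        # case and trailing dot do not matter
    "svn.dev.example.org",     # two levels below the wildcard: not covered
    "example.org.other.test",  # different domain that merely starts alike
]

if __name__ == "__main__":
    for host in uncovered_hosts(CERT_NAMES, PLANNED_HOSTS):
        print("not covered by certificate:", host)
```
</PRE>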




















<!--endarticle-->

<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm
mailing list</a><br>
</body></html>