[ale] Oct News: StartCom, WoSign distrusted by Mozilla, Google, Apple

Jim Kinney jim.kinney at gmail.com
Mon Jan 30 17:05:46 EST 2017


Yes. All the work stuff that the public sees is InCommon. All the work stuff
for the department only is self-signed from our CA.

For the stuff that really matters, it's self-signed, private CA and client
certs as well.

On Jan 30, 2017 5:00 PM, "Lightner, Jeffrey" <JLightner at dsservices.com>
wrote:

> Self signed certificates may work for purely internal setups but for web
> services presented to the outside world they seldom do.
>
>
>
> If I were to go to emory.edu and it asked me to accept a self signed
> certificate rather than one from a well known CA I’d probably abandon the
> connection on the theory it was a spoof.   One doesn’t buy certificates
> because of a desire to spend money – one buys certificates so others can
> reasonably trust (based on the CA) the certificate is valid.
>
>
>
> Even if I knew and trusted someone at Emory who could provide me with the
> root certificate on the servers there I’d likely not bother to import it
> just due to the annoyance factor.   Having to install root certificates for
> well known CAs is all well and good.  Having to install them for everyone
> that decides they want to self sign would be an administrative nightmare.
>
>
>
> On checking just now it appears Emory uses a specific CA called “InCommon”
> apparently built specifically for .edu sites.
>
> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Jim
> Kinney
> Sent: Monday, January 30, 2017 4:30 PM
> To: Atlanta Linux Enthusiasts - Yes! We run Linux!
> Subject: Re: [ale] Oct News: StartCom, WoSign distrusted by Mozilla,
> Google, Apple
>
>
>
> All of my certs are self signed from my own CA. If you don't trust them,
> you don't need to be there anyway.