On 2025-02-02 09:58, Dianne Skoll via linux wrote: > On Fri, 31 Jan 2025 14:37:57 -0500 > Tug Williams via linux <linux [ at ] linux-ottawa [ dot ] org> wrote: > > > Finally - I don't get why self-signing should be a problem? By all > > means don't trust some-dodgy-domain.com, but trust that it comes from > > some-dodgy-domain.com. Paying for a certificate seems about as > > trustworthy as paying for a checkmark on nee-twitter. > > You can get certificates (including wildcard certificates) for free > from LetsEncrypt. I have a wildcard certificate for *.skoll.ca that I > use everywhere I need SSL. For the win. I recently had some help (thanks alp) in getting LetEncrypt set up on my (very crusty) Debian web server and it is working great. I also use that cert for smtp so now it appears as a legit cert to web and mail clients because the cert chain goes back to a CA that is installed in the client. That way, you don't need to ask your users to accept a self-published "snake-oil" cert. Unfortunately, this does involve US-based infra, but it is run by people we trust (EFF and IESG). > Regards, > Dianne. slainte mhath, RGB -- Richard Guy Briggs -- ~\ -- ~\ <hpv.tricolour.ca> <www.TriColour.ca> -- \___ o \@ @ Ride yer bike! Ottawa, ON, CANADA -- Lo_>__M__\\/\%__\\/\% Vote! -- <greenparty.ca>_____GTVS6#790__(*)__(*)________(*)(*)_________________ To unsubscribe send a blank message to linux+unsubscribe [ at ] linux-ottawa [ dot ] org To get help send a blank message to linux+help [ at ] linux-ottawa [ dot ] org To visit the archives: https://lists.linux-ottawa.org