From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from linserver.romuald.net.eu.org (linserver.romuald.net.eu.org [63.228.150.209]) by speech.braille.uwo.ca (Postfix) with ESMTP id CEB6610C0B for ; Thu, 22 Oct 2009 02:43:43 -0400 (EDT) Received: by linserver.romuald.net.eu.org (Postfix, from userid 1000) id 8DA5A2690E8; Wed, 21 Oct 2009 23:43:46 -0700 (MST) Date: Wed, 21 Oct 2009 23:43:46 -0700 From: Gregory Nowak To: speakup@braille.uwo.ca Subject: re: ssl certificate advice Message-ID: <20091022064346.GA22474@romuald.net.eu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; x-action=pgp-signed Content-Disposition: inline X-PGP-Key: http://www.romuald.net.eu.org/pubkey.asc User-Agent: Mutt/1.5.18 (2008-05-17) X-BeenThere: speakup@braille.uwo.ca X-Mailman-Version: 2.1.12 Precedence: list Reply-To: "Speakup is a screen review system for Linux." List-Id: "Speakup is a screen review system for Linux." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Oct 2009 06:43:44 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi again everyone. I wanted to say thanks to all who responded to my query for ideas for, or against going with cacert. I've decided in the end to generate my own root cert, and go with that. In the final analysis, most web browsers accessing my site over ssl would get the same initial result, whether I had gone with cacert, or not, as of now anyway. I also think that Zach had summed it up the best when he pointed out that going with my own root cert meant I had no strings attached, which would not have been true for a cert issued by cacert. Also, thanks to Joseph L., for pointing out that getting a root cert to be trusted by windows isn't that hard. When I first saw the steps on cacert's wiki for manually importing a cert, I really only focused on the number of steps there were, and not so much on what each step contained. After reading Joseph's message, I had another more careful look at that wiki entry, and was able to quit lynx, reboot into windows, and basically import my root cert by feel/memory. I also must admit that I was leaning towards using my own root cert, but didn't want to say that in my initial post, so as to not influence whatever responses I got. I also feel good about my choice, since this isn't permanent of course, and when cacert gets their root cert into most/all major browsers, I can always sign up with them then, or even go commercial down the road. Thanks again to those who responded, in spite of some fairly recent comments to the contrary, this list is a great place to be. Greg - -- web site: http://www.romuald.net.eu.org gpg public key: http://www.romuald.net.eu.org/pubkey.asc skype: gregn1 (authorization required, add me to your contacts list first) - -- Free domains: http://www.eu.org/ or mail dns-manager@EU.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkrf/yIACgkQ7s9z/XlyUyDYMQCgrTygF8ZkR+EPHgoKRADg7LMU tlIAni3D6psEtVlBp6ows+xaAzLME4oM =ni36 -----END PGP SIGNATURE-----