maemo.org - Talk
Page 2 of 2 1 2
Show 40 post(s) from this thread on one page

maemo.org - Talk (https://talk.maemo.org/index.php)
-   General (https://talk.maemo.org/forumdisplay.php?f=7)
-   -   talk.maemo.org certificate expired! (https://talk.maemo.org/showthread.php?t=99658)

vitaminj 2017-08-09 15:04
Re: talk.maemo.org certificate expired!
 
Why a commercial certificate? A cheap commercial one (or free StartCom) is no "better" than a let's encrypt one, unless we are concerned about the cert chain baked into old devices (N900/N9 I assume) not including let's encrypt.

But let's encrypt isn't dodgy, shoddy, confusing, complicated or anything. You run one script and it's all automated for you, including changing apache (or other server) config, that's the whole point of the thing.

Seriously, anyone who's ever "set up" let's encrypt would never look back to using StartCom or paying tens of $currency for a cheap non-EV cert. I remember those old days with horror, all the manual faffing that used to be required.

gerbick 2017-08-09 15:26
Re: talk.maemo.org certificate expired!
 
I hate to ask a potentially simple question; however the discussion as to what has to be done seems to lean towards Let's Encrypt. But my question is surrounding the when.

Each time I click the header navigation here, I get a warning. I hate that warning.

nieldk 2017-08-09 15:59
Re: talk.maemo.org certificate expired!
 
Quote:
Originally Posted by vitaminj (Post 1532332)
Why a commercial certificate? A cheap commercial one (or free StartCom) is no "better" than a let's encrypt one, unless we are concerned about the cert chain baked into old devices (N900/N9 I assume) not including let's encrypt.

But let's encrypt isn't dodgy, shoddy, confusing, complicated or anything. You run one script and it's all automated for you, including changing apache (or other server) config, that's the whole point of the thing.

Seriously, anyone who's ever "set up" let's encrypt would never look back to using StartCom or paying tens of $currency for a cheap non-EV cert. I remember those old days with horror, all the manual faffing that used to be required.
Whatever is chosen, it’s fine with me. Letsencrypt is free, and trusted.
Startcom on the other hand, is neither. So please don’t use that.

marmistrz 2017-08-09 18:17
Re: talk.maemo.org certificate expired!
 
I think you should get any certificate, even from Let's Encrypt, just so that you have more 90 days to debate.

Adding an exception every time I visit tmo is at least irritating.

BentL 2017-08-12 11:14
Re: talk.maemo.org certificate expired!
 
Nice! So the certificate yesterday got updated to a Let's Encrypt certificate for the next three months.

nieldk 2017-08-12 12:55
Re: talk.maemo.org certificate expired!
 
1 Attachment(s)
Marvelous !
Better than most :)

mosen 2017-08-12 22:36
Re: talk.maemo.org certificate expired!
 
Nice choice!

The 90 days xpiration is a good thing and should be done by all others too. It is hard to revoke a cert so it limits damage from key compromise and mis-issuance to have short lifespans.

I plead for RFC change to max 90 days :D

Also it would encourage other authorities to automate the renewal like letsencrypt does because manual renewal would become really expensive.


All times are GMT. The time now is 15:34.
Page 2 of 2 1 2
Show 40 post(s) from this thread on one page

vBulletin® Version 3.8.8