Notices


Reply
Thread Tools
vitaminj's Avatar
Posts: 382 | Thanked: 841 times | Joined on Dec 2009 @ London, UK
#11
Why a commercial certificate? A cheap commercial one (or free StartCom) is no "better" than a let's encrypt one, unless we are concerned about the cert chain baked into old devices (N900/N9 I assume) not including let's encrypt.

But let's encrypt isn't dodgy, shoddy, confusing, complicated or anything. You run one script and it's all automated for you, including changing apache (or other server) config, that's the whole point of the thing.

Seriously, anyone who's ever "set up" let's encrypt would never look back to using StartCom or paying tens of $currency for a cheap non-EV cert. I remember those old days with horror, all the manual faffing that used to be required.
 

The Following 6 Users Say Thank You to vitaminj For This Useful Post:
gerbick's Avatar
Posts: 6,488 | Thanked: 14,120 times | Joined on Jul 2007 @ undecided.
#12
I hate to ask a potentially simple question; however the discussion as to what has to be done seems to lean towards Let's Encrypt. But my question is surrounding the when.

Each time I click the header navigation here, I get a warning. I hate that warning.
__________________
gerbick | iPhone X [ 256GB iOS 11.2 Beta ] | iPad Pro [ 256GB iOS 11.2 Beta ]
Former Maemo Council Member - 2015
 

The Following 10 Users Say Thank You to gerbick For This Useful Post:
Posts: 1,042 | Thanked: 3,435 times | Joined on Oct 2014
#13
Originally Posted by vitaminj View Post
Why a commercial certificate? A cheap commercial one (or free StartCom) is no "better" than a let's encrypt one, unless we are concerned about the cert chain baked into old devices (N900/N9 I assume) not including let's encrypt.

But let's encrypt isn't dodgy, shoddy, confusing, complicated or anything. You run one script and it's all automated for you, including changing apache (or other server) config, that's the whole point of the thing.

Seriously, anyone who's ever "set up" let's encrypt would never look back to using StartCom or paying tens of $currency for a cheap non-EV cert. I remember those old days with horror, all the manual faffing that used to be required.
Whatever is chosen, itís fine with me. Letsencrypt is free, and trusted.
Startcom on the other hand, is neither. So please donít use that.
__________________
You can still support my work by donation - click here

ETH: 0xf7544913017653719259c92d38d50d9d55f7c6cd
 

The Following 7 Users Say Thank You to nieldk For This Useful Post:
Posts: 3,233 | Thanked: 4,137 times | Joined on May 2011 @ Poland
#14
I think you should get any certificate, even from Let's Encrypt, just so that you have more 90 days to debate.

Adding an exception every time I visit tmo is at least irritating.
__________________
If you want to support my work, you can donate by PayPal or Flattr

Current project:
Porting SailfishOS onto OnePlus 3

Projects no longer actively developed: here
 

The Following 9 Users Say Thank You to marmistrz For This Useful Post:
Posts: 36 | Thanked: 107 times | Joined on Apr 2010 @ Norway
#15
Nice! So the certificate yesterday got updated to a Let's Encrypt certificate for the next three months.
 

The Following 13 Users Say Thank You to BentL For This Useful Post:
Posts: 1,042 | Thanked: 3,435 times | Joined on Oct 2014
#16
Marvelous !
Better than most
Attached Images
 
__________________
You can still support my work by donation - click here

ETH: 0xf7544913017653719259c92d38d50d9d55f7c6cd
 

The Following 11 Users Say Thank You to nieldk For This Useful Post:
mosen's Avatar
Community Council | Posts: 861 | Thanked: 5,201 times | Joined on Nov 2014 @ Kitchen
#17
Nice choice!

The 90 days xpiration is a good thing and should be done by all others too. It is hard to revoke a cert so it limits damage from key compromise and mis-issuance to have short lifespans.

I plead for RFC change to max 90 days

Also it would encourage other authorities to automate the renewal like letsencrypt does because manual renewal would become really expensive.
 

The Following 5 Users Say Thank You to mosen For This Useful Post:
Reply

Thread Tools

 
Forum Jump


All times are GMT. The time now is 14:12.