[OpenWrt-Devel] wiki.openwrt.org uses an invalid security certificate / expired on 12.2.2015 17:18

Saverio Proto zioproto at gmail.com
Sat Feb 14 14:36:19 EST 2015


I think the business model of StartSSL and others is that they give
certificates for free, but you have to pay a lot in case you need to
revoke a certificate.

my 2 cents

Saverio



2015-02-14 19:31 GMT+01:00 Alessandro Di Federico <ale+owrt at clearmind.me>:
> On Sat, 14 Feb 2015 18:21:41 +0100
> phaidros <phaidros at subsignal.org> wrote:
>
>> Nope, I would vote against StartSSL. I know it is free, but the
>> procedure sucks, and honestly: there is *one* company on the planet
>> giving out *free* SSL Certs .. if that doesn't ring bells, I dunno what
>> could :)
>
> They just say you're who you say you are, they don't have your private
> key. In any case, if you don't trust them, it doesn't matter, because
> they're part of the trusted set of the PKI, so everyone trusts them
> (and can be fooled by them). We could start talking about
> certificate pinning, but I don't think it's a priority right now.
>
> On Sat, 14 Feb 2015 09:35:29 -0800
> "Constantine A. Murenin" <mureninc at gmail.com> wrote:
>> No, WoSign also does.
>>
>>     https://www.wosign.com/english/price.htm
>>
>> In fact, WoSign gives out free certificates valid for 2 years, and
>> they also even let you have multiple CNs in the same cert (although
>> wildcard for free is not supported).
>
> Never tried them. StartSSL certificates last one year and are valid for
> one second level domain (e.g. openwrt.org) and a third level
> domain (e.g. wiki.openwrt.org), but you can have as many of them as you
> want (e.g. one for openwrt.org+wiki.openwrt.org and one for
> openwrt.org+www.openwrt.org).
>
> If the admins are interested in *my* help I'd go for StartSSL, for the
> simple reason that it takes 30 seconds to generate a new certificate,
> since I'm already using it.
>
> In the future, we'll all use Let's Encrypt and be happy [1].
>
> In any case, I'd avoid CACert [2].
>
> --
> Alessandro Di Federico
>
> [1] https://letsencrypt.org/
> [2] https://bugzilla.mozilla.org/show_bug.cgi?id=215243
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel