[dev] [en] SSL certificate: which one ?

Goffi goffi at goffi.org
Tue 25 Mar 12:30:09 CET 2014


I forgot to say, StartSSL certificates are also accepted in xmpp.net security 
tests.

In my opinion, we should use a Class I StartSSL certificate for the moment, 
and think more deeply about it when we have an official 
association/cooperative status.

The big advantage compared to CAcert is that there is no browser 
warning.

Here are the policies of StartCom: https://startssl.com/policy.pdf. It's 
pretty long (50 pages), so please double check that it's OK...

On Tuesday 25 March 2014, 12:08:24 Goffi wrote:
> G'day,
> 
> as Souliane has implemented HTTPS support in Libervia, we now need a
> certificate for the libervia.org server/Libervia instance. I'd like your
> advice on the following options:
> 
> - self-signed certificate:
> 	PROS:
> 		* free
> 		* easy and quick to do
> 	CONS:
> 		* can't do authentication
> 		* warning in browsers
> 		* not accepted in xmpp.net security test
> 
> - CAcert (https://www.cacert.org/):
> 	PROS:
> 		* free
> 		* based on community, not commercial, more or less in the spirit of
> SàT
> 		* accepted in xmpp.net security test
> 	CONS:
> 		* warning in browsers
> 		* recently removed from Debian and Ubuntu, it seems that there are
> some security concerns according to the bug comments
> (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718434)
> 
> - StartSSL (https://startssl.com/):
> 	PROS:
> 		* free for Class 1
> 		* no warning in browsers
> 	CONS:
> 		* Non commercial use (SàT is not commercial, but as we are planning
> to create a cooperative and to have salaries, we must check the terms of
> use)
> 		* only one domain and one subdomain
> 		* free certificate is 1 year only (but it can be renewed)
> 
> 
> 
> OK, so what's your opinion? Do you have any other option? It's possible to
> have a self-signed certificate first, and change later.
> 
> Cheers
> Goffi
