[dev] [en] SSL certificate: which one ?
Goffi
goffi at goffi.org
Mar 25 Mar 12:30:09 CET 2014
I forget to say, StartSSL certificates are also accepted in xmpp.net security
tests.
In my opinion, we should use a Class I startSSL certitficate for the moment,
and think more deeply about it when we will have an official
association/cooperative status.
The big advantage in comparaison of CAcert is that there are no browser
warning.
Here are the policies of startcom: https://startssl.com/policy.pdf, it's
pretty long (50 pages) so please double check that it's OK...
Le mardi 25 mars 2014, 12:08:24 Goffi a écrit :
> G'day,
>
> as Souliane as implemented https support in Libervia, we now need a
> certificate for libervia.org serveur/Libervia instance. I'd like your
> advices for the following options:
>
> - self-signed certificate:
> PROS:
> * free
> * easy and quick to do
> CONS:
> * can't do authentification
> * warning in browsers
> * not accepted in xmpp.net security test
>
> - CAcert (https://www.cacert.org/):
> PROS:
> * free
> * based on community, not commercial, more on less in the spirit of
> SàT
> * accepted in xmpp.net security test
> CONS:
> * warning in browsers
> * recently removed from Debian and Ubuntu, its seems that there are
> some security concerns according to the bugs comments
> (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718434)
>
> - StartSSL (https://startssl.com/):
> PROS:
> * free for Class 1
> * no warning in browsers
> CONS:
> * Non commercial use (SàT is not commercial, but as we are planing
> to create a cooperative and to have salaries, we must check the terms of
> use) * only one domain and one subdomain
> * free certificate is 1 year only (but it can be renewed)
>
>
>
> OK, so what's you opinion ? Do you have any other option ? It's possible to
> have a self-signed certificate first, and change later.
>
> Cheers
> Goffi
>
> _______________________________________________
> dev mailing list
> dev at goffi.org
> http://lists.goffi.org/listinfo/dev
Plus d'informations sur la liste de diffusion dev