[dev] [en] SSL certificate: which one ?

Goffi goffi at goffi.org
Tue 25 Mar 13:13:20 CET 2014


Some interesting talks (in French):


- https://linuxfr.org/aide#aide-autrecertificatssl

- https://linuxfr.org/users/dinomasque/journaux/auto-hebergement-et-securisation-des-acces-via-https

- https://linuxfr.org/news/%C3%A9volutions-sur-linuxfr--3#comment-928531

CAcert is clearly more in the spirit of SàT, but it's not included in browsers 
and will not be anytime soon. So let me know what you think...


On Tuesday 25 March 2014, 12:30:09 Goffi wrote:
> I forgot to say, StartSSL certificates are also accepted in xmpp.net
> security tests.
> 
> In my opinion, we should use a Class I StartSSL certificate for the moment,
> and think more deeply about it when we have an official
> association/cooperative status.
> 
> The big advantage in comparison with CAcert is that there are no browser
> warnings.
> 
> Here are the policies of StartCom: https://startssl.com/policy.pdf, it's
> pretty long (50 pages) so please double check that it's OK...
> 
> On Tuesday 25 March 2014, 12:08:24 Goffi wrote:
> > G'day,
> > 
> > as Souliane has implemented https support in Libervia, we now need a
> > certificate for the libervia.org server/Libervia instance. I'd like your
> > advice on the following options:
> > 
> > - self-signed certificate:
> > 	PROS:
> > 		* free
> > 		* easy and quick to do
> > 	
> > 	CONS:
> > 		* can't do authentication
> > 		* warning in browsers
> > 		* not accepted in xmpp.net security test
> > 
> > - CAcert (https://www.cacert.org/):
> > 	PROS:
> > 		* free
> > 		* based on community, not commercial, more or less in the spirit of SàT
> > 		* accepted in xmpp.net security test
> > 	
> > 	CONS:
> > 		* warning in browsers
> > 		* recently removed from Debian and Ubuntu, it seems that there are some security concerns according to the bug comments (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718434)
> > 
> > - StartSSL (https://startssl.com/):
> > 	PROS:
> > 		* free for Class 1
> > 		* no warning in browsers
> > 	
> > 	CONS:
> > 		* Non commercial use (SàT is not commercial, but as we are planning to create a cooperative and to have salaries, we must check the terms of use)
> > 		* only one domain and one subdomain
> > 		* free certificate is 1 year only (but it can be renewed)
> > 
> > OK, so what's your opinion? Do you have any other option? It's possible
> > to have a self-signed certificate first, and change later.
> > 
> > Cheers
> > Goffi
> > 
> > _______________________________________________
> > dev mailing list
> > dev at goffi.org
> > http://lists.goffi.org/listinfo/dev
> 




More information about the dev mailing list