[dev] [en] SSL certificate: which one ?

Adrien souliane at mailoo.org
Mar 25 Mar 13:42:53 CET 2014 

I would go for CACert. The warning is the browser is not a big deal IMHO.


On 03/25/2014 01:13 PM, Goffi wrote:
> Some intersting talks (in french):
>
>
> - https://linuxfr.org/aide#aide-autrecertificatssl
>
> - https://linuxfr.org/users/dinomasque/journaux/auto-hebergement-et-securisation-des-acces-via-https
>
> - https://linuxfr.org/news/%C3%A9volutions-sur-linuxfr--3#comment-928531
>
> CAcert is clairly more in the spirit of SàT, but it's not included in browsers
> and will not be anytime soon. So let me know what you think...
>
>
> Le mardi 25 mars 2014, 12:30:09 Goffi a écrit :
>> I forget to say, StartSSL certificates are also accepted in xmpp.net
>> security tests.
>>
>> In my opinion, we should use a Class I startSSL certitficate for the moment,
>> and think more deeply about it when we will have an official
>> association/cooperative status.
>>
>> The big advantage in comparaison of CAcert is that there are no browser
>> warning.
>>
>> Here are the policies of startcom: https://startssl.com/policy.pdf, it's
>> pretty long (50 pages) so please double check that it's OK...
>>
>> Le mardi 25 mars 2014, 12:08:24 Goffi a écrit :
>>> G'day,
>>>
>>> as Souliane as implemented https support in Libervia, we now need a
>>> certificate for libervia.org serveur/Libervia instance. I'd like your
>>> advices for the following options:
>>>
>>> - self-signed certificate:
>>> 	PROS:
>>> 		* free
>>> 		* easy and quick to do
>>> 	
>>> 	CONS:
>>> 		* can't do authentification
>>> 		* warning in browsers
>>> 		* not accepted in xmpp.net security test
>>>
>>> - CAcert (https://www.cacert.org/):
>>> 	PROS:
>>> 		* free
>>> 		* based on community, not commercial, more on less in the spirit of
>>>
>>> SàT
>>>
>>> 		* accepted in xmpp.net security test
>>> 	
>>> 	CONS:
>>> 		* warning in browsers
>>> 		* recently removed from Debian and Ubuntu, its seems that there are
>>>
>>> some security concerns according to the bugs comments
>>> (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718434)
>>>
>>> - StartSSL (https://startssl.com/):
>>> 	PROS:
>>> 		* free for Class 1
>>> 		* no warning in browsers
>>> 	
>>> 	CONS:
>>> 		* Non commercial use (SàT is not commercial, but as we are planing
>>>
>>> to create a cooperative and to have salaries, we must check the terms of
>>> use) * only one domain and one subdomain
>>>
>>> 		* free certificate is 1 year only (but it can be renewed)
>>>
>>> OK, so what's you opinion ? Do you have any other option ? It's possible
>>> to
>>> have a self-signed certificate first, and change later.
>>>
>>> Cheers
>>> Goffi
>>>
>>> _______________________________________________
>>> dev mailing list
>>> dev at goffi.org
>>> http://lists.goffi.org/listinfo/dev
>>
>> _______________________________________________
>> dev mailing list
>> dev at goffi.org
>> http://lists.goffi.org/listinfo/dev
>
>
> _______________________________________________
> dev mailing list
> dev at goffi.org
> http://lists.goffi.org/listinfo/dev
>

Plus d'informations sur la liste de diffusion dev