Notices tagged with cacert
-
#censorship 'built in' #CAcert 's
-
#rape #android #CAcert 's
-
Ah, okay. Ja, ist noch das selbstsignierte. :-( Momentan warte ich damit. Ich empfinde es von #Diaspora auch nicht gut, solche Zertifikate abzulehnen. Besser waere, wir machen eine eigene #CA auf, um uns Zertifikate auszustellen. Wer das von der CA annimmt, sieht gleich alle Server.
Ja, die Browser nehmen es wohl nicht an, also Anleitung dabei (ist sehr einfach zu erledigen). Weil, ich mag diese zentralisierten CAs nicht (mehr so sehr, ausser noch #CACert). Daher hatte ich welche von CACert genommen, da ich die Grundidee gut finde.
-
@socialistgeek If you mean my instance, I currently use #CACert SSL certificates as I wait until the "debacle" around their weak certificates is settled, means they have replaced them. :-) Sorry, currently I don't like to use #letsencrypt as it requires #sudo (root) from me and I currently wait for more peer code-reviews about scripts requiring root on my box. :-) For #StartSSL, my client certificate is expired and their website is not easy to restore access. :-/
-
@einfachbloggen OT: Deine Antwort ist hier nicht angekommen, weil ich dir nicht direkt folge.
Ich verwende hier noch ein selbstsigniertes Zertifikat, #CACert ist schoen einfach, leider aber haben die unsichere Root-Zertifikate (#MD5/#SHA1 ist beides zu schwach, besser #SHA256 oder #SHA512). Ich brauche dort nur die CSR-Datei einfuegen und schon erhalte ich ein Zertifikat unterschrieben zurueck, zuvor musste ich aber von mindestens 5/6 Menschen geprueft worden sein, um Zertifikate erhalten zu koennen.
#LetsEncrypt ist dort leider anders, dort muss ich als #root ein Shell-Script starten, das in meinen Konfigurationsdateien rumschreibt und liest. Und das habe ich nicht gerne. Lieber haette ich es wie bei #CACert.
-
@pettter Yes, but it needs a lot review as it runs as root ... :-/ That is currently for me the reason to switch to #letsencrypt. Currently I stay with some self-signed certificates and #CACert.
Oh, btw: My login to #StartSSL is no longer working (client certificate based). How can I fix this? Delete the local certificate and retry again?
-
@tuttle besides the usual stuff, like: "make full database + script backup", "stop web server" and such things, all above said things may be okay. Besides, I made myself a deploy.sh script: https://social.mxchange.org/deploy.sh - Sorry when you have to accept #CACert again. :-/
-
Yes, I know. I currently use #CACert certificates. They are removed from #Firefox as they only provide #SHA1 and #MD5 sums on their ...
-
Chat is also available with #TLS: https://33bits.eu/mhck/chat/ and the website as well (right now #CAcert though) on https://music.umeahackerspace.se/ :] !umehack
-
@n2admin #CACert certificates are unfortunally not valid in most browsers before you manually add the root certificates to your browser's trusted database: http://www.cacert.org/index.php?id=3 But it's more like a nice community (you can earn points in events like #FOSDEM, #FrOSCon, or by finding people near you in the directory of accreditators), what #LECrypt is clearly not.
-
The !fnetworks certs (issued by #StartSSL) expire shortly. I'll take a look at #LetsEncrypt ( #LECrypt ) and #CACert as well as StartSSL.
-
@steveland Have you set #CACert http://url.federati.net/bMuw8 as a trusted root authority in your browser?
-
Probably, I will wait for #letsencrypt to launch. This crappy #startssl system is driving me crazy. 3 years passed, and I still can't figure out HOW to regenerate auth certificate. Even with help of CertMaster. And #CACert isn't better any self-signed certificate, actually. So there is no more free #ssl certificates provider around, or am I missing something?
-
Okay, time to generate a couple of self-signed certs. No, I'm not going to bother doing #StartSSL or #CACert (or #LetsEncrypt, even if it was currently available) certs for these subdomains yet.
-
#CACert ab jetzt wieder in #Debian sid: https://tms.pw/RKZ5S ~(‾▿‾~)(~‾▿‾)~
-
#CACert ab jetzt wieder in #Debian sid: https://tms.pw/RKZ5S ~(‾▿‾~)(~‾▿‾)~
-
Just put https before paste.vinilox.eu → all my sites are https enabled (I keep http to prevent scaring peoples with #CaCert) :)