[kwlug-disc] Stronger SSH keys and SSL certificates

Gordon Dey gordon.dey at happydeys.ca
Sun Apr 20 16:45:40 EDT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 14-04-20 01:12 PM, Khalid Baheyeldin wrote:
[edited]
> For example, I use the following script for self signed
> certificates. How can this be improved?

The issue with self-signed really only manifests itself when the site
in question is exposed to browsers/tools outside your domain of
control. Within it, you can propagate your site certificate to quell
the trust question. Then again, if you can control those clients
anyway, why the need for ssl? (Performance reduction?) Anyway...

Outside your domain of control is where you can improve, by using a
more-trusted third party certificate signing service rather than
having to promote yourself as a trustworthy certificate signing
authority. Lowest-cost service with a web-of-trust can be had by folks
such as www.cacert.org while others merely require throwing enough
money at them.

Gord.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQF8BAEBCgBmBQJTVDH0XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRGNUQwMUNBRTg2OUVDNDY4QUI3MDNGNDA2
ODI0QjA2NjdCOUQzM0M2AAoJEGgksGZ7nTPGWfEH/iEIh0sxiFkqb7NWr8EIvXBw
p+vOBzVABqOKjWtMwPUNdylvzuR6OrCkmfwX68J9z6wXmQ/3xjViOEddm/iUKeHZ
z5+YOX1U/OwoA2ABM5AvF0Zme41xf9DdlF5GAHYEdD6feopTwo1I6SyjCPbFkFrA
PyZbhyTm5zlSiuRCjNCb4H0I3leyiTt1lwFOWoNY0PAhNOGi7UPnb/1j3+pdjGh0
YiYEF7pKLQEimQdGUurfdfBv8SXooaykSaybNtwrX7ZfNe2WZqz5nxHWqRx9kcgA
gYhQiuHFMPN06sySkYiQcI6fTsaOeTUfeJ7YpJP229CofemWVET1fG5VqcZKwuQ=
=h6WQ
-----END PGP SIGNATURE-----




More information about the kwlug-disc mailing list