[kwlug-disc] Stronger SSH keys and SSL certificates
gordon.dey at happydeys.ca
Sun Apr 20 16:45:40 EDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
On 14-04-20 01:12 PM, Khalid Baheyeldin wrote:
> For example, I use the following script for self signed
> certificates. How can this be improved?
The issue with self-signed really only manifests itself when the site
in question is exposed to browsers/tools outside your domain of
control. Within it, you can propagate your site certificate to quell
the trust question. Then again, if you can control those clients
anyway, why the need for ssl? (Performance reduction?) Anyway...
Outside your domain of control is where you can improve, by using a
more-trusted third party certificate signing service rather than
having to promote yourself as a trustworthy certificate signing
authority. Lowest-cost service with a web-of-trust can be had by folks
such as www.cacert.org while others merely require throwing enough
money at them.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----
More information about the kwlug-disc