On Wed, June 15, 2016 10:48 am, Warren Young wrote:
> On Jun 15, 2016, at 9:38 AM, Warren Young <wyml@xxxxxxxxxxx> wrote:
>>
>> On Jun 15, 2016, at 9:02 AM, Valeri Galtsev <galtsev@xxxxxxxxxxxxxxxxx>
>> wrote:
>>
>>> I do not see neither starttls.com nor letsencrypt.org between
>>> Authorities
>>> certificates.
>>
>> That's because they are not top-tier CAs.
>
> I forgot to mention that letsencrypt.com uses one of its own certificates.
> You can use your browser's certificate detail view to see the chain of
> trust. I see two levels here: IdenTrust -> TrustID -> Let's Encrypt.

Thanks, that means no need to install CA. There is always someone (Thanks,
Warren!) who looked deeper into things, and can explain them. The only
thing here is: I need to look deeper myself how the identity of the server
is ensured in this case (i.e. whether tier 2, tier 3, ... CAs really do
that). But that is more fundamental thing: basically with that in play, can
I still trust that the physical entity owning server cert is indeed who it
claims to be.

>
> As for starttls.com, that doesn't exist; you're probably confusing it
> with the SMTP STARTTLS protocol extension. What you mean is startssl.com,
> which is the main public face of StartCom. StartCom is a top-tier CA.

I'm sure I did copy and paste, so that should have copied from OP e-mail...

Thanks again, Warren,

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
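
Added example, not part of the original thread: a throwaway three-level chain (root -> intermediate -> server certificate) built with the openssl CLI, showing that a client holding only the root can validate the server certificate once the intermediate is supplied alongside it, so the intermediate itself never needs installing. All subject names and file names are constructed for the demo.

```sh
#!/bin/sh
# Constructed demo PKI; all names and files are made up for illustration.
set -eu

# Create a key and CSR for subject $2, using file prefix $1.
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -config "$CNF" \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# Build root -> intermediate -> leaf in directory $1.
build_chain() {
    CNF="$1/req.cnf"
    printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$CNF"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$1/ca.ext"
    printf 'basicConstraints=CA:FALSE\n' > "$1/leaf.ext"
    new_csr "$1/root" "Demo Root CA"
    new_csr "$1/int"  "Demo Intermediate CA"
    new_csr "$1/leaf" "www.example.test"
    # The root is self-signed; the intermediate is signed by the root,
    # and the server (leaf) certificate by the intermediate.
    openssl x509 -req -in "$1/root.csr" -signkey "$1/root.key" \
        -extfile "$1/ca.ext" -days 30 -out "$1/root.pem" 2>/dev/null
    openssl x509 -req -in "$1/int.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
        -set_serial 2 -extfile "$1/ca.ext" -days 30 -out "$1/int.pem" 2>/dev/null
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/int.pem" -CAkey "$1/int.key" \
        -set_serial 3 -extfile "$1/leaf.ext" -days 30 -out "$1/leaf.pem" 2>/dev/null
}

# Client trusts only the root; the server sent only its own certificate.
verify_root_only() {
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
}

# Client trusts only the root; the intermediate is supplied as untrusted input.
verify_with_intermediate() {
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" \
        "$1/leaf.pem" >/dev/null 2>&1
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
build_chain "$work"
verify_with_intermediate "$work" && echo "root + supplied intermediate: OK"
verify_root_only "$work" || echo "root only, intermediate missing: FAIL"
```

The second check failing is the usual symptom of a server that does not send its intermediate certificate; the trust anchor is still only the root.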