Re: https and self signed




On Wed, June 15, 2016 10:38 am, Warren Young wrote:
> On Jun 15, 2016, at 9:02 AM, Valeri Galtsev <galtsev@xxxxxxxxxxxxxxxxx> wrote:
>>
>> I do see WoSign there (though I'd prefer to avoid my US located servers
>> have certificates signed by authority located in China, hence located sort
>> of behind "the great firewall of China" - call me superstitious).
>
> That's a perfectly valid concern.  The last I heard, modern browsers
> trust 1,100 CAs!  Surely some of those CAs have interests that do not
> align with my interests.
>
>> I do not see neither starttls.com nor letsencrypt.org between Authorities
>> certificates.
>
> That's because they are not top-tier CAs.
>
>> This means (correct me if I'm wrong) that client has to
>> import one of these Certification Authorities certificates
>
> You must be unaware of certificate chaining:
>
>   https://en.wikipedia.org/wiki/Intermediate_certificate_authorities

Sorry, intermediate authorities just slipped my mind somehow (to say
worse: my server certificates _are_ signed by intermediate CA - shame on
me ;-)

Valeri


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos