Re: https and self signed

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On 17.06.2016 16:46, James B. Byrne wrote:

On Thu, June 16, 2016 13:53, Walter H. wrote:

On 15.06.2016 16:17, Warren Young wrote:

  but it also affects the other public CAs: you can’t get a
publicly-trusted cert for a machine without a publicly-recognized
and -visible domain name.  For that, you still need to use
self-signed certs or certs signed by a private CA.


A private CA is the same as self signed;


No it is not.  A private CA is as trustworthy as the organisation that
operates it.  No more and not one bit less.

We operate a private CA for our domain and have since 2005.  We
maintain a public CRL strictly in accordance with our CPS and have our
own OID assigned.

for your understanding: every root CA certificate is self signed;
any SSL certificate that was signed by a CA not delivered as built-in token in a browser is the same as self-signed; 



_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux