Reply
Thread Tools
vitaminj's Avatar
Posts: 405 | Thanked: 961 times | Joined on Dec 2009 @ London, UK
#11
Why a commercial certificate? A cheap commercial one (or free StartCom) is no "better" than a let's encrypt one, unless we are concerned about the cert chain baked into old devices (N900/N9 I assume) not including let's encrypt.

But let's encrypt isn't dodgy, shoddy, confusing, complicated or anything. You run one script and it's all automated for you, including changing apache (or other server) config, that's the whole point of the thing.

Seriously, anyone who's ever "set up" let's encrypt would never look back to using StartCom or paying tens of $currency for a cheap non-EV cert. I remember those old days with horror, all the manual faffing that used to be required.
 

The Following 6 Users Say Thank You to vitaminj For This Useful Post:
Guest | Posts: n/a | Thanked: 0 times | Joined on
#12
I hate to ask a potentially simple question; however the discussion as to what has to be done seems to lean towards Let's Encrypt. But my question is surrounding the when.

Each time I click the header navigation here, I get a warning. I hate that warning.
 

The Following 10 Users Say Thank You to For This Useful Post:
Posts: 1,288 | Thanked: 4,316 times | Joined on Oct 2014
#13
Originally Posted by vitaminj View Post
Why a commercial certificate? A cheap commercial one (or free StartCom) is no "better" than a let's encrypt one, unless we are concerned about the cert chain baked into old devices (N900/N9 I assume) not including let's encrypt.

But let's encrypt isn't dodgy, shoddy, confusing, complicated or anything. You run one script and it's all automated for you, including changing apache (or other server) config, that's the whole point of the thing.

Seriously, anyone who's ever "set up" let's encrypt would never look back to using StartCom or paying tens of $currency for a cheap non-EV cert. I remember those old days with horror, all the manual faffing that used to be required.
Whatever is chosen, it’s fine with me. Letsencrypt is free, and trusted.
Startcom on the other hand, is neither. So please don’t use that.
 

The Following 7 Users Say Thank You to nieldk For This Useful Post:
Posts: 3,328 | Thanked: 4,476 times | Joined on May 2011 @ Poland
#14
I think you should get any certificate, even from Let's Encrypt, just so that you have more 90 days to debate.

Adding an exception every time I visit tmo is at least irritating.
__________________
If you want to support my work, you can donate by PayPal or Flattr

Projects no longer actively developed: here
 

The Following 9 Users Say Thank You to marmistrz For This Useful Post:
Posts: 39 | Thanked: 117 times | Joined on Apr 2010 @ Norway
#15
Nice! So the certificate yesterday got updated to a Let's Encrypt certificate for the next three months.
 

The Following 13 Users Say Thank You to BentL For This Useful Post:
Posts: 1,288 | Thanked: 4,316 times | Joined on Oct 2014
#16
Marvelous !
Better than most
Attached Images
 
 

The Following 11 Users Say Thank You to nieldk For This Useful Post:
mosen's Avatar
Community Council | Posts: 1,669 | Thanked: 10,225 times | Joined on Nov 2014 @ Lower Rhine
#17
Nice choice!

The 90 days xpiration is a good thing and should be done by all others too. It is hard to revoke a cert so it limits damage from key compromise and mis-issuance to have short lifespans.

I plead for RFC change to max 90 days

Also it would encourage other authorities to automate the renewal like letsencrypt does because manual renewal would become really expensive.
 

The Following 5 Users Say Thank You to mosen For This Useful Post:
Reply

Thread Tools

 
Forum Jump


All times are GMT. The time now is 19:58.