The purchased setup is complete. I now know about https://www.sslshopper.com/ I have been comparing : <domain-name> http://<domain-name> https://<domain-name> for a few known sites. There are some interesting differences. You mention Michael and MLUG - I have heard of MLUG. On 04/06/16 12:47, Andrew McGlashan via luv-talk wrote:
Hi,
CA / PKI is completely broken; if you cannot run your own CA and apply it to all effected machines, then you are better off using letsencrypt. Now, given that many browsers get quite nasty with self-signed certificates, it is becoming less easy to use self-signed certs (even just for yourself).
You can have up to 100 domains (including sub-domains) in the one certificate with letsencrypt. The domains included in a single cert can also be completely non-related to each other, but I prefer to keep them related myself (at least in some way). Certificates don't live for as long as a brought one, but that is actually a bonus. You can automatically schedule updates, but I prefer to do so manually.
There are lots of guides available on the Internet.
I use certificates for lots of domains and some of those being used for both web and email servers. I also now have a cert for my ejabberd setup, although Pidgin on Winblows doesn't have all the right upstream CAs that browsers do and therefore it fails to follow the chain fully and properly; therefore can't properly fully verify my cert by itself (I can verify it though myself). Anywhere that you might need a cert, you can almost certainly use one from letsencrypt.
Michael wants me to do a talk at MLUG, but I'm not ready and I've got too many other things that I have to deal with. Perhaps I will end up doing a talk and sharing my scripts and methods for others.
Kind Regards AndrewM
_______________________________________________ luv-talk mailing list luv-talk@luv.asn.au https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-talk