I have been comparing :
for a few known sites. There are some interesting differences.
You mention Michael and MLUG - I have heard of MLUG.
On 04/06/16 12:47, Andrew McGlashan via luv-talk wrote:
CA / PKI is completely broken; if you cannot run your own CA and apply
it to all effected machines, then you are better off using letsencrypt.
Now, given that many browsers get quite nasty with self-signed
certificates, it is becoming less easy to use self-signed certs (even
just for yourself).
You can have up to 100 domains (including sub-domains) in the one
certificate with letsencrypt. The domains included in a single cert can
also be completely non-related to each other, but I prefer to keep them
related myself (at least in some way). Certificates don't live for as
long as a brought one, but that is actually a bonus. You can
automatically schedule updates, but I prefer to do so manually.
There are lots of guides available on the Internet.
I use certificates for lots of domains and some of those being used for
both web and email servers. I also now have a cert for my ejabberd
setup, although Pidgin on Winblows doesn't have all the right upstream
CAs that browsers do and therefore it fails to follow the chain fully
and properly; therefore can't properly fully verify my cert by itself (I
can verify it though myself). Anywhere that you might need a cert, you
can almost certainly use one from letsencrypt.
Michael wants me to do a talk at MLUG, but I'm not ready and I've got
too many other things that I have to deal with. Perhaps I will end up
doing a talk and sharing my scripts and methods for others.
luv-talk mailing list