[colug-432] ca-cert meetups?

R P Herrold herrold at owlriver.com
Sat Oct 23 13:38:15 EDT 2010


On Sat, 23 Oct 2010, Andy Graybeal wrote:

> I work for a small co-op in Athens, Ohio, and I was wondering if anyone
> knew of any CA-Cert gatherings to meet and identify.  I'd like to get a
> cert for our organization.
>
> I think I read a few years ago about the cbus lug doing this?

... formerly ...

The politics of certificates making it into the 'default' 
bundle in a browser, makes a cacert certificate not worth 
much, as the cacert folks have simply not 'succeeded' in 
solving 'jumping through the needed hoops'

I personaly concluded to go another way, to 'startssl.org' 
which has fairly minimal hurtles for issuing a certificate 
countersigned by a certificat that IS in the default store.

With progressive authentication verification at minimal cost, 
one can end up able issue as many certificates as one needs 
with no incremental cost.  (I am also 'qualified' in their 
'notary program', but have not really seem much benefit to 
that so far).  This 'amortizes' that fixed cost away to 
negligible

We have several hundred domains under management, and so the 
savings made this worthwhile. It should be that the 'received 
path' in the headers of this email show an 'OK' status, 
indicating that the content transited through SSL layers, and 
that each stage (except from 'localhost' to 
'bronson.owlriver.com' was not encrypted ... but that did not 
transit a network, as the localhost I compose on IS 
bronson.owlriver.com)

-- Russ herrold





More information about the colug-432 mailing list