On Fri, August 18, 2017 5:02 pm, Michael Felt wrote:
On 8/11/2017 1:29 PM, Ralph Seichter wrote:
And, Ralph, I salute you. I have never been able to be disciplined enough to be my own CA. I encourage you to look into the subject again.
I actually have been, which is why I could give a near sensible reply. Thanks for the encouragement!
With the advent of Let's Encrypt, free certs for the masses have become a thing, but if you need more than 3 months validity, want to create certs for Intranet-devices (routers, local servers), or just want maximum control over all certs, setting up your own CA is rewarding. While you're at it, no gentleman should not be without DNSSEC, DKIM and DANE these days. ;-) I should know all three, but, sadly, only one: two things to add to my list of things to research.
I have been reading this with some interest (while trying to migrate Dovecot, Postfix etc..)
BUT, for a public web server where https is becoming mandatory, I'd still need a certificate from a recognized publisher, to avoid users geting 'warnings', is that so ?
(I'm currently using self issued for both mail and web)
thanks,
V