On Fri, August 18, 2017 5:02 pm, Michael Felt wrote: > On 8/11/2017 1:29 PM, Ralph Seichter wrote:
>>> And, Ralph, I salute you. I have never been able to be disciplined >>> enough to be my own CA. >> I encourage you to look into the subject again. >> > I actually have been, which is why I could give a near sensible reply. > Thanks for the encouragement! > >> With the advent of Let's >> Encrypt, free certs for the masses have become a thing, but if you need >> more than 3 months validity, want to create certs for Intranet-devices >> (routers, local servers), or just want maximum control over all certs, >> setting up your own CA is rewarding. While you're at it, no gentleman >> should not be without DNSSEC, DKIM and DANE these days. ;-) > I should know all three, but, sadly, only one: two things to add to my > list of things to research. I have been reading this with some interest (while trying to migrate Dovecot, Postfix etc..) BUT, for a public web server where https is becoming mandatory, I'd still need a certificate from a recognized publisher, to avoid users geting 'warnings', is that so ? (I'm currently using self issued for both mail and web) thanks, V