If you are looking to get free TLS certs startcom is still in there as I recall, and unless you plan on doing something out of the ordinary or that requires the CA to do work (like you want a star cert, a cert with multiple SANs etc or want to revoke a cert without one of the reasons listed in their documentation, require an Extended validation server, or want a code signing cert) it is totally free. https://startssl.com
-- Jason Barbier [email protected] On Mon, Jan 12, 2015, at 01:17 AM, Seth wrote: > This week I upgraded one of my OpenSMTPD email servers to OpenBSD > 5.6/OpenSMTPD 5.4.3 and all of a sudden I started having all kinds of TLS > cert verification interoperability problems with my existing FreeBSD > OpenSMTPD 5.4.2 server. > > I was pulling my hair out trying to find out what heck was going on. > After > much flailing and gnashing of teeth I finally found the answer. > > The CAcert root was pulled from OpenBSD 9 months ago, due to "strict > requirements on > redistribution". > http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/Attic/cert.pem?rev=1.24&content-type=text/x-cvsweb-markup > > This really sucks, because now I have setup my own Root CA for all my > private facing TLS only email servers or fork over yet more $$ to the > worthless commercial cert racket. > > I know this wasn't anything directly caused by OpenSMTPD, but if anyone > else is using CAcert.org certs and you're thinking about upgrading from > OpenBSD 5.5 to 5.6, watch out for this. > > -- > You received this mail because you are subscribed to [email protected] > To unsubscribe, send a mail to: [email protected] > -- You received this mail because you are subscribed to [email protected] To unsubscribe, send a mail to: [email protected]
