Re: is a self signed certificate always invalid the first time?

2017-08-11 Thread Michael Felt
I have looked at let's encrypt. Key issue for me is having to add a lot of python stuff that would otherwise not be on any server. Again, all CA's like "Let's Encrypt" - and others that are accepted by the "majors", e.g., Windows, Mozilla make it much easier for the "random" user to use

Re: is a self signed certificate always invalid the first time?

2017-08-11 Thread Florian Beer
On 2017-08-11 11:36, Michael Felt wrote: I have looked at let's encrypt. Key issue for me is having to add a lot of python stuff that would otherwise not be on any server. I use acme.sh for all of my LetsEncrypt certs (web & mail), it is written in pure shell script, so no python dependencies.

pre-installed CA (was: is a self signed certificate always invalid the first time?)

2017-08-11 Thread Steffen Kaiser
Just my humble opinion: We had run a self-signed CA several years. I would claim that in theory this is more secure than using pre-installed third party CAs. Using a self-signed cert per server might do for small numbers as well. However, when it

Re: new install on Centos 7

2017-08-11 Thread voytek
On Thu, August 10, 2017 6:35 pm, Peter wrote: > GhettoForge has dovecot22 packages as well which provide the latest > stable version of Dovecot for CentOS 6 and 7. Peter, thanks. I've followed GhettoForge's Postfix page, so far so good but, I'm not that sure of getting dovecot22... do I need

Re: is a self signed certificate always invalid the first time?

2017-08-11 Thread Ruben Safir
On 08/10/2017 04:41 PM, Frank-Ulrich Sommer wrote: > I can't see any security advantages of a self signed cert. I then you fail to understand the history, like when Microsoft's certs were undermined because the third party authentication agency gave the keys to 2 guys that knocked on the door and

Re: is a self signed certificate always invalid the first time?

2017-08-11 Thread Ruben Safir
On 08/10/2017 04:41 PM, Frank-Ulrich Sommer wrote: > add security exceptions this rings all alarm bells. no, but software vendors will have you believe that. Sorry, I don't leave my house keys with strangers -- So many immigrant groups have swept through our town that Brooklyn, like

Re: is a self signed certificate always invalid the first time?

2017-08-11 Thread Ralph Seichter
On 11.08.2017 11:36, Michael Felt wrote: > This is what Ralph means when he says "have been running a CA for > 15+ years" - not that he is (though he could!) sell certificates > commercially - rather, he is using an initial certificate to sign > later certificates with. Actually, I do sell

Re: is a self signed certificate always invalid the first time?

2017-08-11 Thread Frank-Ulrich Sommer
On 11 August 2017 12:46:46 CEST, Ruben Safir wrote: >On 08/10/2017 04:41 PM, Frank-Ulrich Sommer wrote: >> I can't see any security advantages of a self signed cert. I > >then you fail to understand the history, like when Microsoft's certs >were undermined because the

Re: new install on Centos 7

2017-08-11 Thread Peter
On 12/08/17 00:50, voy...@sbt.net.au wrote: > I've followed GhettoForge's Postfix page, so far so good > > but, I'm not that sure of getting dovecot22... > > do I need to do a 'yum shell --enablerepo=gf-plus', followed by install, > run, quit; like for Postfix..? Yes, I haven't done a dovecot