So, for hobby / home websites, certificates with a short lifespan is ok. For anything else, a decent certificate provider should be used…
From: "Tim via users" <users@lists.fedoraproject.org<mailto:users@lists.fedoraproject.org>> Date: Tuesday, 27 May 2025 at 12:36:07 pm To: "noloa...@gmail.com" <noloa...@gmail.com<mailto:noloa...@gmail.com>>, "Community support for Fedora users" <users@lists.fedoraproject.org<mailto:users@lists.fedoraproject.org>> Cc: "Tim" <ignored_mail...@yahoo.com.au<mailto:ignored_mail...@yahoo.com.au>> Subject: Re: How to setup certs for https access for Fedora 42? On Mon, 2025-05-26 at 15:19 -0400, Jeffrey Walton wrote: > To reduce the size of Certificate Revocation List (CRL), and recover > quickly from a compromised host. Conventional wisdom is, browsers > don't download CRLs or OCSP, so a short validity closes the gap in > browser behavior. That's the first answer I've found that seemed logical. I remember in the past having to manually set browsers to check for revocation of certificates, because they didn't. Which seemed a rather dumb lack of cross-checking. Though it also seems that constantly changing something adds another vector for some kind of screw-up. Somewhat like the very dumb idea of making people constantly change their passwords. -- uname -rsvp Linux 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64 (yes, this is the output from uname for this PC when I posted) Boilerplate: All unexpected mail to my mailbox is automatically deleted. I will only get to see the messages that are posted to the mailing list. -- _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten. This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.
-- _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
