Tim Landscheidt wrote: > Brion Vibber <[email protected]> wrote: > >>>> Pretty much, yeah. :) We put "real" certs on public-facing sites, but >>>> just haven't bothered with what is essentially our tech department >>>> intranet. (But since we're crazy people it's open if you want >>>> to look at >>>> it!) > >>> Wouldn't it be safer, and more convenient, to have internal sites use an >>> internally created CA instead of self-signed certificates? > >> Safer, but less convenient as it would take us a few extra minutes to >> set up which we might as well spend on buying an $8 public-friendly cert. ;) > > Does this mean that if I make an earmarked donation we could > close this thread? :-)
Can I chip in a few more bucks to get the old MD5-hashed certs (like the one for bugzilla.wikimedia.org) replaced? They may technically still be safe (if just barely), but at least the "SSL Blacklist" Firefox extension throws up a big scary warning about them and it's annoying to have to click through it. -- Ilmari Karonen _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
