search for: wosign

On 15.06.2016 15:57, ????????? ???????? wrote: > Nowadays it's quite easy to get normal ssl certificates for free. E.g. > > http://www.startssl.com > http://buy.wosign.com/free that is right, but hink of your potential clients, because wosign has a problem - slow OCSP, ... because their server infrastucture is located in China, and not the best bandwidth ... when validity checks of the used SSL certificate very probable fail, it is worse than not using SSL ......

On Jun 15, 2016, at 7:57 AM, ????????? ???????? <nevis2us at infoline.su> wrote: > > Nowadays it's quite easy to get normal ssl certificates for free. E.g. > > http://www.startssl.com > http://buy.wosign.com/free Today, I would prefer Let?s Encrypt: https://letsencrypt.org/ It is philosophically aligned with the open source software world, rather than act as bait for a company that would prefer to sell you a cert instead. I?m only aware of one case where you absolutely cannot use Let?s Encryp...

I followed the instructions here https://wiki.centos.org/HowTos/Https Checking port 80 I get the file... curl http://localhost/file.html <HTML> <FORM> Working </FORM> </HTML> Checking port 443 I get and error curl https://localhost/file.html curl: (60) Peer's certificate issuer has been marked as not trusted by the user. More details here:

On 16.06.2016 21:42, ????????? ???????? wrote: >> that is right, but hink of your potential clients, because >> wosign has a problem - slow OCSP, ... >> because their server infrastucture is located in China, and not the >> best bandwidth ... >> >> when validity checks of the used SSL certificate very probable fail, >> it is worse than not using SSL ... > > I don't think OCSP...

...> > than act as bait for a company that would prefer to sell you a cert > > instead. > > I have got question for experts. I just opened settings of Firefox > (latest, on FreeBSD), and took a look at the list of Certification > Authorities it comes with. > > I do see WoSign there (though I'd prefer to avoid my US located servers > have certificates signed by authority located in China, hence located sort > of behind "the great firewall of China" - call me superstitious). > > I do not see neither starttls.com nor letsencrypt.org between Autho...

...6 9:17 am, Warren Young wrote: > On Jun 15, 2016, at 7:57 AM, ?????????????????? ???????????????? > <nevis2us at infoline.su> wrote: >> >> Nowadays it's quite easy to get normal ssl certificates for free. E.g. >> >> http://www.startssl.com >> http://buy.wosign.com/free > > Today, I would prefer Let???s Encrypt: > > https://letsencrypt.org/ > > It is philosophically aligned with the open source software world, rather > than act as bait for a company that would prefer to sell you a cert > instead. I have got question for experts....

On Jun 15, 2016, at 9:02 AM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: > > I do see WoSign there (though I'd prefer to avoid my US located servers > have certificates signed by authority located in China, hence located sort > of behind "the great firewall of China" - call me superstitious). That?s a perfectly valid concern. The last I heard, modern browsers trust 1,...

On 10/10/2016 11:12 AM, Stuart D. Gathman wrote: > On Mon, 10 Oct 2016, Lane Russell wrote: > >> I tried viewing your link, but it returns a 404 error. It also doesn't seem >> to have a valid certificate. Could you send the correct link please? > > I tried from Texas, Miami, Virginia, and New York VPSes. Works fine. > Maybe try again, or check your local DNS? >

Nowadays it's quite easy to get normal ssl certificates for free. E.g. http://www.startssl.com http://buy.wosign.com/free

On 15.06.2016 16:17, Warren Young wrote: > On Jun 15, 2016, at 7:57 AM, ????????? ????????<nevis2us at infoline.su> wrote: >> Nowadays it's quite easy to get normal ssl certificates for free. E.g. >> >> http://www.startssl.com >> http://buy.wosign.com/free > Today, I would prefer Let?s Encrypt: > > https://letsencrypt.org/ > > It is philosophically aligned with the open source software world, rather than act as bait for a company that would prefer to sell you a cert instead. > > I?m only aware of one case where you ab...

> that is right, but hink of your potential clients, because > wosign has a problem - slow OCSP, ... > because their server infrastucture is located in China, and not the > best bandwidth ... > > when validity checks of the used SSL certificate very probable fail, > it is worse than not using SSL ... I don't think OCSP is critical for free certif...

Walter H. ????? 2016-06-16 22:54: > On 16.06.2016 21:42, ????????? ???????? wrote: >>> that is right, but hink of your potential clients, because >>> wosign has a problem - slow OCSP, ... >>> because their server infrastucture is located in China, and not the >>> best bandwidth ... >>> >>> when validity checks of the used SSL certificate very probable fail, >>> it is worse than not using SSL ... >> &...

...eason was to prevent problems for connection problems - > or whatever problems - in connection with the OCSP Sure. I've never said privacy concerns were the main reason. Security concerns can probably be addressed with reducing update interval of issuer-signed OCSP responses. For my free wosign certificates ii's 4 days and my understanding is that interval matches CRL update policy of the CA. Per RFC2560 (see nextUpdate below): 2.4 Semantics of thisUpdate, nextUpdate and producedAt Responses can contain three times in them - thisUpdate, nextUpdate and producedAt. The sem...

On 17.06.2016 19:57, ????????? ???????? wrote: >>> Then OCSP stapling is the way to go but it could be a real PITA to >>> setup for the first time and may not be supported by older browsers >>> anyway. >>> >> not really, because the same server tells the client that the SSL >> certificate is good, as the SSL certificate itself; >> these must