search for: wosigns

On 15.06.2016 15:57, ????????? ???????? wrote: > Nowadays it's quite easy to get normal ssl certificates for free. E.g. > > http://www.startssl.com > http://buy.wosign.com/free that is right, but hink of your potential clients, because wosign has a problem - slow OCSP, ... because their server infrastucture is located in China, and not the best bandwidth ... when validity checks

On Jun 15, 2016, at 7:57 AM, ????????? ???????? <nevis2us at infoline.su> wrote: > > Nowadays it's quite easy to get normal ssl certificates for free. E.g. > > http://www.startssl.com > http://buy.wosign.com/free Today, I would prefer Let?s Encrypt: https://letsencrypt.org/ It is philosophically aligned with the open source software world, rather than act as bait

I followed the instructions here https://wiki.centos.org/HowTos/Https Checking port 80 I get the file... curl http://localhost/file.html <HTML> <FORM> Working </FORM> </HTML> Checking port 443 I get and error curl https://localhost/file.html curl: (60) Peer's certificate issuer has been marked as not trusted by the user. More details here:

On 16.06.2016 21:42, ????????? ???????? wrote: >> that is right, but hink of your potential clients, because >> wosign has a problem - slow OCSP, ... >> because their server infrastucture is located in China, and not the >> best bandwidth ... >> >> when validity checks of the used SSL certificate very probable fail, >> it is worse than not using SSL ...

On Wed, Jun 15, 2016 at 10:02:57AM -0500, Valeri Galtsev wrote: > > On Wed, June 15, 2016 9:17 am, Warren Young wrote: > >> > >> Nowadays it's quite easy to get normal ssl certificates for free. E.g. > > > > Today, I would prefer Let???s Encrypt: > > > > https://letsencrypt.org/ > > > > It is philosophically aligned with the open

On Wed, June 15, 2016 9:17 am, Warren Young wrote: > On Jun 15, 2016, at 7:57 AM, ?????????????????? ???????????????? > <nevis2us at infoline.su> wrote: >> >> Nowadays it's quite easy to get normal ssl certificates for free. E.g. >> >> http://www.startssl.com >> http://buy.wosign.com/free > > Today, I would prefer Let???s Encrypt: > >

On Jun 15, 2016, at 9:02 AM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: > > I do see WoSign there (though I'd prefer to avoid my US located servers > have certificates signed by authority located in China, hence located sort > of behind "the great firewall of China" - call me superstitious). That?s a perfectly valid concern. The last I heard, modern

On 10/10/2016 11:12 AM, Stuart D. Gathman wrote: > On Mon, 10 Oct 2016, Lane Russell wrote: > >> I tried viewing your link, but it returns a 404 error. It also doesn't seem >> to have a valid certificate. Could you send the correct link please? > > I tried from Texas, Miami, Virginia, and New York VPSes. Works fine. > Maybe try again, or check your local DNS? >

Nowadays it's quite easy to get normal ssl certificates for free. E.g. http://www.startssl.com http://buy.wosign.com/free

On 15.06.2016 16:17, Warren Young wrote: > On Jun 15, 2016, at 7:57 AM, ????????? ????????<nevis2us at infoline.su> wrote: >> Nowadays it's quite easy to get normal ssl certificates for free. E.g. >> >> http://www.startssl.com >> http://buy.wosign.com/free > Today, I would prefer Let?s Encrypt: > > https://letsencrypt.org/ > > It is

> that is right, but hink of your potential clients, because > wosign has a problem - slow OCSP, ... > because their server infrastucture is located in China, and not the > best bandwidth ... > > when validity checks of the used SSL certificate very probable fail, > it is worse than not using SSL ... I don't think OCSP is critical for free certificates suitable for small

Walter H. ????? 2016-06-16 22:54: > On 16.06.2016 21:42, ????????? ???????? wrote: >>> that is right, but hink of your potential clients, because >>> wosign has a problem - slow OCSP, ... >>> because their server infrastucture is located in China, and not the >>> best bandwidth ... >>> >>> when validity checks of the used SSL certificate

> yes and no, but faking a valid OCSP response that says good instead of > revoked is also possible ... Could you please provide any proof for that statement? If it were true the whole PKI infrastructure should probably be thrown out of the window. ) > the primary reason was to prevent problems for connection problems - > or whatever problems - in connection with the OCSP Sure.

On 17.06.2016 19:57, ????????? ???????? wrote: >>> Then OCSP stapling is the way to go but it could be a real PITA to >>> setup for the first time and may not be supported by older browsers >>> anyway. >>> >> not really, because the same server tells the client that the SSL >> certificate is good, as the SSL certificate itself; >> these must