similar to: https and self signed

On Jun 15, 2016, at 7:57 AM, ????????? ???????? <nevis2us at infoline.su> wrote: > > Nowadays it's quite easy to get normal ssl certificates for free. E.g. > > http://www.startssl.com > http://buy.wosign.com/free Today, I would prefer Let?s Encrypt: https://letsencrypt.org/ It is philosophically aligned with the open source software world, rather than act as bait

On Jun 15, 2016, at 9:02 AM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: > > I do see WoSign there (though I'd prefer to avoid my US located servers > have certificates signed by authority located in China, hence located sort > of behind "the great firewall of China" - call me superstitious). That?s a perfectly valid concern. The last I heard, modern

On 15.06.2016 15:57, ????????? ???????? wrote: > Nowadays it's quite easy to get normal ssl certificates for free. E.g. > > http://www.startssl.com > http://buy.wosign.com/free that is right, but hink of your potential clients, because wosign has a problem - slow OCSP, ... because their server infrastucture is located in China, and not the best bandwidth ... when validity checks

On Wed, 15 Jun 2016, John R Pierce wrote: > On 6/15/2016 6:47 AM, Jerry Geis wrote: >> How do I get past this? I was looking to just self sign for https. > > in my admittedly limited experience with this stuff, you need to create your > own rootCA, and use that to sign your certificates, AND you need to take the > public key of the rootCA and import it into any trust

On 16.06.2016 21:42, ????????? ???????? wrote: >> that is right, but hink of your potential clients, because >> wosign has a problem - slow OCSP, ... >> because their server infrastucture is located in China, and not the >> best bandwidth ... >> >> when validity checks of the used SSL certificate very probable fail, >> it is worse than not using SSL ...

On Wed, Jun 15, 2016 at 10:02:57AM -0500, Valeri Galtsev wrote: > > On Wed, June 15, 2016 9:17 am, Warren Young wrote: > >> > >> Nowadays it's quite easy to get normal ssl certificates for free. E.g. > > > > Today, I would prefer Let???s Encrypt: > > > > https://letsencrypt.org/ > > > > It is philosophically aligned with the open

On 02/08/2020 16:26, Valeri Galtsev wrote: > > On the side note: it is Microsoft that signs one of Linux packages now. We seem to have made one more step away from ?our? computers being _our computers_. Am I wrong? > > Valeri > Microsoft are the Certificate Authority for SecureBoot and most SB-enabled hardware (most x86 hardware) comes with a copy of the Microsoft key

Hi I keep on getting errors and can't connect/login to Dovecot. I did my research but unfortunately without success. It is for sure not ulimit because ulimit is set to unlimited per default already. Still , it complains about "Too many open files" but this is a test system and the service dovecot and postfix have just been started. No one except me is testing on this system.

This (very quick) patch allows you to connect with the commercial ssh.com windows client and use x509 certs for hostkeys. You have to import your CA cert (ca.crt) in the windows client and certify your hostkey: $ cat << 'EOF' > x509v3.cnf CERTPATHLEN = 1 CERTUSAGE = digitalSignature,keyCertSign CERTIP = 0.0.0.0 [x509v3_CA]

On 02/08/2020 19:54, John Pierce wrote: > On Sun, Aug 2, 2020 at 11:45 AM Phil Perry <pperry at elrepo.org> wrote: > >> On 02/08/2020 16:26, Valeri Galtsev wrote: >>> >>> On the side note: it is Microsoft that signs one of Linux packages now. >> We seem to have made one more step away from ?our? computers being _our >> computers_. Am I wrong?

Hallo, i'm having troubles installing self-signed certificates for dovecot. After installing, dovecot generates a key and cert. But he is using the wrong common name (where does dovecot get this name from?). I tried deleting them and installing a handcrafted cert with this: openssl genrsa -out mail.key 2048 openssl req -new -key mail.key -out mail.csr openssl x509 -req -days 4312 -in

On 10/10/2016 11:12 AM, Stuart D. Gathman wrote: > On Mon, 10 Oct 2016, Lane Russell wrote: > >> I tried viewing your link, but it returns a 404 error. It also doesn't seem >> to have a valid certificate. Could you send the correct link please? > > I tried from Texas, Miami, Virginia, and New York VPSes. Works fine. > Maybe try again, or check your local DNS? >

On 17.06.2016 19:57, ????????? ???????? wrote: >>> Then OCSP stapling is the way to go but it could be a real PITA to >>> setup for the first time and may not be supported by older browsers >>> anyway. >>> >> not really, because the same server tells the client that the SSL >> certificate is good, as the SSL certificate itself; >> these must

Hi, On 25/05/2020 23:04, Voytek wrote: > jumping here with a question, if I use 143 with STARTTLS, and, force > TLS/SSL in configuration, that's equivalent from security POV, isn't > it? and, same for 110 STARTTLS? Or am I missing something? Interesting point, after some googling, I think you are right, and as long as we have set "disable_plaintext_auth = yes" (and we

Hello, I would like to read and write sparse matrices using the functions write.matrix.csr() and read.matrix.csr() of the package e1071. Writing is OK but reading back the matrix fails: x <- rnorm(100) m <- matrix(x, 10) m[m < 0.5] <- 0 m.csr <- as.matrix.csr(m) write.matrix.csr(m, "sparse.dat") read.matrix("sparse.dat") Error in initialize(value, ...)

I'm working on lldb. I've just submitted a very small change (r217229) to Triple.h/.cpp. Soon after I get a mail subject: buildbot failure in LLVM on lld-x86_64-darwin13 Details: http://lab.llvm.org:8011/builders/lld-x86_64-darwin13/builds/2571 Blamelist: mg11 My small change certainly did not cause lldb's build to fail on my machine. I looked into the build-log:

I would like to add a class to the SparseM package. I have a class "matrix.csr" that describes a matrix in compressed sparse row format, now I would like a class matrix.diag.csr that describes such objects when they happen to be diagonal. The idea is that matrix.diag.csr objects should behave (later in life) exactly like matrix.csr objects, the distinction is only needed in order to

Hello LLVMdev!! Yesterday I posted a patch request to the llvm-commits list requesting that someone could apply a patch to Triple.h and Triple.cpp for me. I didn't get any response so I wondered whether I should have posted to this list instead. My story is as follows: we are trying to get lldb/llvm support for CSRs range of Kalimba DSPs. Eventually we are planning to hire someone to

Eric Christopher wrote: > On Wed, Jul 9, 2014 at 11:39 AM, Jonathan Roelofs > <jonathan at codesourcery.com> wrote: >> >> On 7/9/14, 12:33 PM, Eric Christopher wrote: >>> Any reason why you deleted code that isn't related? >>> >>> -eric >>> >>>> - enum SubArchType { >>>> - NoSubArch, >>>> -

So i?m using dovecot, and i created a self signed certificate with mkcert.sh based on dovecot-openssl.cnf. The name in there matches my mail server. The first time it connects in mac mail however, it says the certificate is invalid and another server might pretend to be me etc. I then have the option of trusting it. Is this normal behaviour? Will it always be invalid if it?s not signed by a