| 1 |
On Friday 28 September 2007 01:10:48 Robin H. Johnson wrote: |
| 2 |
> > Is there a reason that my Godaddy suggestion in the bug isn't being |
| 3 |
> > considered? Regardless of what you may think of them as a company, they |
| 4 |
> > offer the same free type of certificate to open source projects just like |
| 5 |
> > cacert, and with what looks to be considerable less overhead. I |
| 6 |
> > understand that cacert is more "open sourcy" than godaddy, but if they're |
| 7 |
> > as much of a roadblock as the Trustees are in this case, maybe going that |
| 8 |
> > route would enable us to move forward? |
| 9 |
> |
| 10 |
> See my comment #14, regarding regenerating the certs [1] each time the set |
| 11 |
> of SSL vhosts on a box changes. For mail services, this isn't really an |
| 12 |
> issue, but for web services it's a big one. Wildcards only work in |
| 13 |
> Mozilla, and nowhere else [2]. |
| 14 |
> |
| 15 |
> [1] |
| 16 |
> http://wiki.cacert.org/wiki/VhostTaskForce#head-7236c4e2c9932ef42056b3ff6d3 |
| 17 |
>67053081887de [2] http://wiki.cacert.org/wiki/WildcardCertificates |
| 18 |
|
| 19 |
Wildcard certs work with all browsers, even wget and lynx, and one wildcard |
| 20 |
will cover anything *.gentoo.org, but not *.*.gentoo.org. No regeneration |
| 21 |
necessary. |
| 22 |
That wiki page I believe only talks about *'s in different places, which is |
| 23 |
not supported. |
| 24 |
I personally use the same wildcard cert for webmail via apache, imap/pop via |
| 25 |
courier, and SMTP. |
| 26 |
|
| 27 |
-- |
| 28 |
Mike Williams |
| 29 |
-- |
| 30 |
gentoo-dev@g.o mailing list |
Archives