On Friday 28 September 2007 01:10:48 Robin H. Johnson wrote:
> > Is there a reason that my Godaddy suggestion in the bug isn't being
> > considered? Regardless of what you may think of them as a company, they
> > offer the same free type of certificate to open source projects just like
> > cacert, and with what looks to be considerably less overhead. I
> > understand that cacert is more "open sourcy" than godaddy, but if they're
> > as much of a roadblock as the Trustees are in this case, maybe going that
> > route would enable us to move forward?
>
> See my comment #14, regarding regenerating the certs [1] each time the set
> of SSL vhosts on a box changes. For mail services, this isn't really an
> issue, but for web services it's a big one. Wildcards only work in
> Mozilla, and nowhere else [2].
>
> [1] http://wiki.cacert.org/wiki/VhostTaskForce#head-7236c4e2c9932ef42056b3ff6d367053081887de
> [2] http://wiki.cacert.org/wiki/WildcardCertificates
|
Wildcard certs work with all browsers, even wget and lynx, and one wildcard
will cover anything *.gentoo.org, but not *.*.gentoo.org. No regeneration
necessary.
That wiki page I believe only talks about *'s in different places, which is
not supported.
I personally use the same wildcard cert for webmail via apache, imap/pop via
courier, and SMTP.

--
Mike Williams
--
gentoo-dev@g.o mailing list
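
The single-label wildcard rule mentioned in the reply above, as an added example that is not part of the original thread: a strict matcher for certificate names in Python, following the RFC 6125 section 6.4.3 rules. The function names, the refusal of `*.tld`, and the sample hostnames are assumptions made for illustration.

```python
# Added example, not from the thread: strict wildcard matching for a
# certificate dNSName, following the RFC 6125 section 6.4.3 rules.
# Function names and the sample hostnames are constructed for illustration.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def wildcard_match(pattern, hostname):
    """Return True if the certificate name `pattern` covers `hostname`."""
    p, h = _labels(pattern), _labels(hostname)
    # '*' stands for exactly one label, so the label counts must agree.
    if len(p) != len(h) or not all(p) or not all(h) or "*" in hostname:
        return False
    # A '*' anywhere but the leftmost label is never honoured.
    if any("*" in label for label in p[1:]):
        return False
    if "*" not in p[0]:
        return p == h                      # plain name: exact match only
    # Policy assumed here: '*' must be the whole leftmost label, and a
    # wildcard directly under a top-level domain ('*.org') is refused.
    if p[0] != "*" or len(p) < 3:
        return False
    return p[1:] == h[1:]

def covered(cert_names, hostname):
    """True if any name in the certificate covers the hostname."""
    return any(wildcard_match(n, hostname) for n in cert_names)

CERT_NAMES = ["*.gentoo.org"]              # constructed certificate name
HOSTS = ["www.gentoo.org", "mail.gentoo.org", "gentoo.org", "a.b.gentoo.org"]

if __name__ == "__main__":
    for host in HOSTS:
        status = "covered" if covered(CERT_NAMES, host) else "NOT covered"
        print(f"{host:18} {status}")
```

The bare domain and any name two labels below it fall outside the wildcard, so a certificate meant to serve them needs additional names alongside `*.gentoo.org`.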