From: karl@aspodata.se
To: gentoo-user@lists.gentoo.org
Subject: Letsencrypt (was Re: [gentoo-user] app-misc/ca-certificates)
In-reply-to: <61db8745-dbb4-9c7e-80a9-6725905178c4@iinet.net.au>
Comments: In-reply-to William Kenworthy message dated "Tue, 01 Jun 2021 13:15:00 +0800."
Message-Id: <20210601104447.D7EA282B8F89@turkos.aspodata.se>
Date: Tue, 1 Jun 2021 12:44:47 +0200 (CEST)

BillK:
...
> And another "wondering" - all the warnings about trusting self signed
> certs seem a bit self serving. Yes, they are trying to certify who you
> are, but at the expense of probably allowing access to your
> communications by "authorised parties" (such as commercial entities
> purchasing access for MITM access - e.g. certain router/firewall
> companies doing deep inspection of SSL via resigning or owning both end
> points). If it's only your own communications and not with a third,
> commercial party self signed seems a lot more secure.
...

You can use https://letsencrypt.org/ instead of a self-signed cert:

 Let's Encrypt is a free, automated, and open certificate authority
 brought to you by the nonprofit Internet Security Research Group (ISRG).

It was pretty simple to get it to work with
 https://github.com/diafygi/acme-tiny

Regards,
/Karl Hammar