[sword-devel] crosswire.org HTTPS certificate problems

Kahunapule Michael Johnson kahunapule at mpj.cx
Tue Jun 25 11:41:01 MST 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

An expired certificate wastes time for everyone who tries to use it, and bypassing it trains people to engage in bad security practices. It may encourage people to transmit passwords in the clear or make them more likely to be duped by bad certificates that are genuine problems.

A free proper SSL certificate with excellent browser root trust coverage can be obtained from https://www.startssl.com/. I generate my own SSL certificates with OpenSSL, then submit them to startssl.com for signing. It works well for me. The free certificates are good for one year.

On 06/25/2013 07:49 AM, Jaak Ristioja wrote:
> On 25.06.2013 17:21, Troy A. Griffitts wrote:
> > It it really more work now that it's expired?
>
> Just a bit more work. The moment it expired broke my scripts which
> didn't count for the fact that the subversion client asked for user
> input on stdin for confirming the new certificate error.
>
> On the other hand, all these obstacles are really good for attracting
> new developers (*irony*)...
>
>
> Jaak
>
>
> PS: You can get free certificates from www.startssl.com
>
> On 25.06.2013 17:21, Troy A. Griffitts wrote:
> > We've had a self-signed cert for years. We did at one time obtain a
> > free cert from someplace I can't remember but often it wasn't
> > recognized as being trusted either. I will update the cert when I
> > have time, but PRACTICALLY is this really causing a problem for
> > anyone? You likely already had to add an exception being of the
> > self signing. It it really more work now that it's expired?
>
> > Jaak Ristioja <jaak at ristioja.ee> wrote:
>
> > On 25.06.2013 15:22, David Haslam wrote:
>
> > Even so, it would be sensible for CrossWire to renew its
> > certificate.
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: http://Kahunapule.org/gpg.htm
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlHJ5DAACgkQ6RrPnMTEWzl90wCeLghcXsFqykkdzM7BoxkIVJdr
uP4AoKXkjvUuctyAYdiTZA4o6iJ1mPpF
=hgni
-----END PGP SIGNATURE-----




More information about the sword-devel mailing list