Conversation
Notices
-
@tuttle Actually, since everything supports SNI nowadays (part of TLS, and SSL is scrapped) you can use multiple separate certificates instead!
-
@tuttle There's #LetsEncrypt of course, which (if you set it up, it's not necessarily automagical out of the box) can be automated to update certs just using a cron script.
And then there's StartSSL, but you should be aware they're an Israeli company and thus supporting them might indicate support for genocide against palestinians.
-
@drymer @tuttle Self-signed isn't much better than ordinary CAs. What would be cool to start using is #Monkeysphere! OpenPGP based web of trust for TLS certificates.
-
@drymer As long as we don't have simple TOFU (trust on first use) policies built-in to TLS clients, self-signed certificates are probably more bad than beneficial because they teach people to just ignore the (nowadays pretty scary looking!) warnings.
-
@postblue GoDaddy shoots elephants!
-
@tuttle Awesome! Congratulations on getting hassle-free at-least-better-than-nothing security!