divelogs.de upload

Dirk Hohndel dirk at hohndel.org
Sun Mar 10 12:24:56 PDT 2013


On Mar 10, 2013, at 12:15 PM, Rainer Mohr wrote:

> 
>> No SSL, Rainer? Oh well.
> 
> Well, depends... I can't afford an officially signed cerificate (verisign, globalsign or whatever) as I'd need a wildcard certificate and that costs around 600 Euros per year. A bit much for a site, that doesn't bring in a penny (on the contrary).

Tell me about it. I'd rather not add up all the money I'm spending on doing Subsurface :-/

But startssl.com will give you StartSSL Verified including a wildcard certificate for USD 60 a year. That's what *.hohndel.org is using as of a week or so ago…

> I can however generate a self signed certificate and read myself into how to pimp Apache to use it for SSL. No idea how subsurface would react to a non-trusted certificate though (Browsers hate them and nag you to import them before using the site). Must admit, that I've not really dug into this whole certificate thing yet. But if it's wanted, I'll be pleased to do it. In that case, any wisdom on this subject is highly appreciated.

Nah, self signed certificates are of rather limited value. The one thing that would provide value is a 'real' certificate that browsers and clients will recognize. I had zero problems getting clients to happily work with the StartSSL certificate that I have. The process was only mildly painful :-)   -- since I've done self signed certificates before I'd even say that it was less painful then setting up those…

/D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4130 bytes
Desc: not available
URL: <http://lists.hohndel.org/pipermail/subsurface/attachments/20130310/0bfdfc9e/attachment.bin>


More information about the subsurface mailing list