From: "Michael Ströder" <michael@stroeder.com>
To: galene@lists.galene.org
Subject: [Galene] Re: Heads up: Galène generates self-signed certificates
Date: Wed, 24 Feb 2021 22:57:30 +0100 [thread overview]
Message-ID: <220c342f-4d94-2976-525b-f0a0e7d453e3@stroeder.com> (raw)
In-Reply-To: <CAA93jw4U7wCKRyCv9WzqZTN_4SyrzFSuSARkJKPaK2EpT3K9sg@mail.gmail.com>
On 2/24/21 10:29 PM, Dave Taht wrote:
> I strongly agree with being able to generate a self signed cert.
That's easy to do.
> and asking folk to run the openssl command line is just asking for trouble.
Really?
> I vastly prefer to not register some things with any centralized
> authority and explain to potential users that's why it isn't
> registered and that the "invalid cert" thing is misleading.
Being one who runs simple shell script CAs for all internal self-hosted
stuff I definitely don't preach using public CAs everywhere.
But I have too much experience to teach people what to do with certs in
browsers and don't want to do that again for external Galène users.
> I however wouldn't mind if that there was a command within galene to
> fire off the lets encrypt facility if a box is on the public internet
> and has working dns. shell out to acme, I think....
Re-reading cert.pem and key.pem for more convenient key rotation is
already great.
But leave the rest to developers of certbot or other ACME clients. IMHO
there is way more important stuff to do.
Ciao, Michael.
next prev parent reply other threads:[~2021-02-24 21:57 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-24 19:30 [Galene] " Juliusz Chroboczek
2021-02-24 19:47 ` [Galene] " Michael Ströder
2021-02-24 21:16 ` Juliusz Chroboczek
2021-02-24 21:24 ` Juliusz Chroboczek
2021-02-24 21:29 ` Dave Taht
2021-02-24 21:55 ` Toke Høiland-Jørgensen
2021-02-24 21:57 ` Michael Ströder [this message]
2021-02-24 22:25 ` Juliusz Chroboczek
2021-02-24 22:02 ` Juliusz Chroboczek
2021-02-24 21:44 ` Michael Ströder
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.galene.org/postorius/lists/galene.lists.galene.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=220c342f-4d94-2976-525b-f0a0e7d453e3@stroeder.com \
--to=michael@stroeder.com \
--cc=galene@lists.galene.org \
--subject='[Galene] Re: Heads up: Galène generates self-signed certificates' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox