What would be the use of a self signed cert that is not automatically checked? If you see a warning how can you be sure that the cryptographic key used is correct? Just manually checking the common name displayed lowers the security to almost zero. A big additional disadvantage is that one gets used to ignoring security warnings.
Setting up a "CA" is quite easy and installing the new root certificate in the root store of the devices used is also quite easy. I switched to a certificate from startssl and of course I generated the key pair on my own and transferred only the CSR (certificate signing request). Am 24. November 2016 16:37:48 MEZ, schrieb Steve Litt <sl...@troubleshooters.com>: >On Thu, 24 Nov 2016 07:52:51 +0100 (CET) >Steffen Kaiser <skdove...@smail.inf.fh-brs.de> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On Wed, 23 Nov 2016, Steve Litt wrote: >> >> >On Wed, 23 Nov 2016 16:04:22 -0600 (CST) Greg Rivers >> ><gcr+dove...@tharned.org> wrote: >> >> $ strings $(whence alpine) | grep '^/.*certs$' >> >> /etc/ssl/certs >> > >> > The directory or the certs isn't the problem. Alpine sees the >> > self-signed cert I just made, but complains because it's >> > self-signed, and gives me the choice between saying "yes" every >> > time, and just not checking for certs at all. >> >> "sees the self-signed cert"? >> Did you've added it as trusted to the CA as Greg said and wrote what >> to do? > >No. I don't want to deal with a third party "Trusted Party": I want it >self-signed. What I was looking for was a way Alpine could be set to >check for a cert, warn if the cert is conflicting, but not warn if it's >self-signed. > >Thanks, > >SteveT > >Steve Litt >November 2016 featured book: Quit Joblessness: Start Your Own Business >http://www.troubleshooters.com/startbiz -- Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.
