On Friday 28 September 2007 01:10:48 Robin H. Johnson wrote:
> > Is there a reason that my Godaddy suggestion in the bug isn't being
> > considered? Regardless of what you may think of them as a company, they
> > offer the same free type of certificate to open source projects just like
> > cacert, and with what looks to be considerably less overhead. I
> > understand that cacert is more "open sourcy" than godaddy, but if they're
> > as much of a roadblock as the Trustees are in this case, maybe going that
> > route would enable us to move forward?
>
> See my comment #14, regarding regenerating the certs [1] each time the set
> of SSL vhosts on a box changes. For mail services, this isn't really an
> issue, but for web services it's a big one. Wildcards only work in
> Mozilla, and nowhere else [2].
>
> [1] http://wiki.cacert.org/wiki/VhostTaskForce#head-7236c4e2c9932ef42056b3ff6d367053081887de
> [2] http://wiki.cacert.org/wiki/WildcardCertificates

Wildcard certs work with all browsers, even wget and lynx, and one wildcard
will cover anything *.gentoo.org, but not *.*.gentoo.org. No regeneration
necessary.

That wiki page I believe only talks about *'s in different places, which is
not supported.

I personally use the same wildcard cert for webmail via apache, imap/pop via
courier, and SMTP.

-- 
Mike Williams
-- 
[EMAIL PROTECTED] mailing list
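
The single-label rule from the reply above (*.gentoo.org, but not *.*.gentoo.org), as an added example that is not part of the original message: a matcher in the style of RFC 6125 where a left-most "*" stands for exactly one DNS label. It goes slightly beyond the message by also checking the bare domain; the function names and host names are constructed for illustration.

```python
# Added example: left-most-label wildcard matching in the style of RFC 6125.
# Host names below are constructed samples, not taken from a real certificate.

def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop a trailing dot, and split it into labels."""
    return name.rstrip(".").lower().split(".")


def matches(pattern: str, hostname: str) -> bool:
    """Return True if the certificate name `pattern` covers `hostname`.

    Only a whole left-most label of "*" is treated as a wildcard, and it
    stands for exactly one label, never zero and never several.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Conservative choices made by this example: at least two fixed
        # labels after the wildcard (no "*.org"), and no second "*".
        if len(p) < 3 or any("*" in label for label in p[1:]):
            return False
        return p[1:] == h[1:]
    if any("*" in label for label in p):
        return False  # partial or misplaced wildcards are rejected here
    return p == h


def covered(cert_names: list[str], hostnames: list[str]) -> dict[str, bool]:
    """Map each hostname to whether any name in the certificate covers it."""
    return {h: any(matches(n, h) for n in cert_names) for h in hostnames}


if __name__ == "__main__":
    cert = ["*.gentoo.org"]  # constructed certificate name list
    vhosts = ["www.gentoo.org", "mail.gentoo.org", "gentoo.org",
              "dev.www.gentoo.org"]
    for host, ok in covered(cert, vhosts).items():
        print(f"{host:22} {'covered' if ok else 'NOT covered'}")
```

Running it against a planned vhost list shows which names would need their own entry in the certificate, such as the bare domain or any two-level subdomain.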