hi,
i think the responses may depend on where the server resides and who the
relying parties are.
- for relying parties being all internet users or only a subset
- your server hosted by an ISP
- your server hosted by your company (on which type of os/webserver)
- for relying parties being your intranet only or even just one system
- your server inside your intranet
I know about a large company that has a large multinational "intranet" with MANY server with special
server to server an internal only admin usages. they could/should have used their own CAs etc. but
just having each "site" buy from one of the commercial players was "easier", well ...
not talking about client certs
/PS
On 17/11/2025 02:57, Charles Mills wrote:
Not you personally! Do you configure your certifcate management system (RACF,
TSS, ACF2 or gskkyman) to TRUST the Let's Encrypt roots, O = Internet Security
Research Group, CN = ISRG Root X1 and/or CN = ISRG Root X2?
This is a survey cross-posted to IBM-MAIN and RACF-L.
I'd like to hear -- either in this forum or privately to charlesm at mcn dot org -- both
Yes AND ALSO NO answers especially from folks with certifcate systems that DO trust
DigiCert, GlobalSign, Sectigo, GoDaddy or other "legacy" certifcate authorities.
Bonus question: if not, why not?
Fun fact: Let's Encrypt is now the largest certificate authority in the world.
Maybe because it's free?
Thanks much,
Charles
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
