Bookmarked and all these emails archived. There is nothing like advice from someone who has done hands on work. And it appears I was a bit hard on Let's Encrypt, but if a low cost cert is just as good, I rather have the simple solution.
Steve Gibson's "Security Now" podcast has been covering WoSign on and off since the github incident. While Firefox will put them effectively out of business, it isn't like being sanctioned by the SEC. Employees and officers of WoSign could be back as some other agency. Original Message From: Mike Sent: Wednesday, September 28, 2016 8:11 AM To: postfix-users@postfix.org Subject: Re: WoSign/StartCom CA in the news On 9/28/2016 10:53 AM, KSB wrote: > On 2016.09.28. 17:47, Mike wrote: >> On 9/28/2016 4:55 AM, li...@lazygranch.com wrote: >>> CACert came up in my search. I will look into it. Suggestions always >>> appreciated since I'm quite comfortable with people out there knowing more >>> than me. >>> >>> I didn't like the Let's Encrypt 90 day deal with mysterious upload to your >>> server. It bugs me. About the only outside control of my server I accept is >>> spam RBLs, because really I have no alternative. >>> >>> I understand there is github code out there (perhaps your simp_le) as an >>> alternative to whatever Let's Encrypt does regarding updates, but that >>> seems just as dicey. >> >> >> fwiw, I use GeoTrust's RapidSSL cert. >> >> I buy it through my registrar, namecheap, but I found it is also >> available a bit less expensively via enom (namecheap's parent) for $10 >> per year. It works fine for my low-traffic personal email and webservers. >> >> http://www.enom.com/secure/geotrust-ssl-certificates.aspx >> >> > When we need some specific certificates, our company used to by from > GoGetSSL.com > Geotrust's rapid for comparision: https://www.gogetssl.com/rapidssl/ Thanks, bookmarked. btw, if anyone wants to check out the RapidSSL cert in production, the Los Angeles, USA Postfix mirror uses one.
