Thanks.
>> Suppose you don't trust all those CAs. What can you do?
> Then they shouldn't be in your trust root to begin with. It's easy enough to
> remove a CA source file from the system cert store and rebuild it, although
> what to do is slightly different on each system.
The problem with tha
Hal Murray via devel writes:
> Suppose you don't trust all those CAs. What can you do?
Then they shouldn't be in your trust root to begin with. It's easy
enough to remove a CA source file from the system cert store and rebuild
it, although what to do is slightly different on each system.
> One
Hal Murray via devel writes:
> What do I type to find out when my certificate expires? We should make a
> script that can be called from cron.
This will return 0 if the certificate doesn't or 1 if the certificate
does expire within the next 90 days:
openssl x509-in /path/to/cert -noout -checken
On Wed, Sep 11, 2019 at 7:43 PM Hal Murray via devel
wrote:
>
> Any openssl command line wizards?
>
Probably, not me though.
> What do I type to find out when my certificate expires? We should make a
> script that can be called from cron.
>
generally something like the following works fairly
On 3/20/19 2:57 PM, Hal Murray via devel wrote:
>
> I've been testing with self-signed certificates. It's time to shift to real
> certificates. They need a FQDN which I don't have, so it's time to get a
> domain. (I want one for other reasons anyway.) Anybody have suggestions for
> vendors?
I recently switched from namecheap to Gandi, because Gandi has better
DNSSec support.
Namecheap will offer you a .xyz or .vip domain for under $2 for the first
year, $10 renewal.
Basic DNS is included by all. But if you want something better,please have
a look at https://dns.he.net. HE has serv
