> On Jun 26, 2017, at 8:24 AM, Peter Von Kaehne wrote:
>
> From: "DM Smith"
>> Ultimately a root CA is a self-signed certificate. The difference is that
>> the public key is installed into the root CA store on the user’s computer or
>> into the user’s “browser’s” store. Then certs signed by that CA are not
>> self-signed. This is essentially what many companies do for internal
>> communication. The DoD likewise.
>
> Which makes me think whether we could avoid the trouble we have annually or
> so with certs to now expand into module distribution by distributing our own
> cert/signature within the library?

I don’t think this is a reasonable solution. I’ve installed such on my computers and it isn’t a simple mechanism. The mechanism differs by OS and by client program (e.g. browser). I’ve not figured out how to do it on a tablet or a phone. Companies that use such often control the connected computing devices.

LetsEncrypt is a better root CA as it is recognized by all modern OSes without user intervention. I.e. it is authoritative.

The problems we’ve had with renewing the cert are a solvable problem that I’m able to fix.

BTW, I get emails from LetsEncrypt in advance of the cert expiring. If it expires, it is my fault for waiting. A couple of days before it expires, if I’m still getting emails I know that the automation has failed and needs my intervention.

In Him,
DM

_______________________________________________
sword-devel mailing list: sword-devel@crosswire.org
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page