On 2013/10/22 10:46, Sunny wrote: > On 12/10/2013 19:54, Stuart Henderson wrote: > >On 2013/10/11 22:42, John Darrah wrote: > >>Hi. Would it be possible to get SSL on the OpenBSD website(s)? > >>It would be just a couple lines to change in nginx.conf/httpd.conf. > >>SSL certificates are free from Startcom and cheap from other vendors. > >>It would be really nice to have, even if it's not the default. > >If doing this at all, running it from a private CA would imho make a lot > >more sense than agreeing to the contractual requirements of a commercial CA. > > > And how would you go about distributing private CA cert securely? >
in /etc/ssl/cert.pem. if you don't trust that, then neither can you trust the ssl libraries, browsers, etc.
