[OpenWrt-Devel] wiki.openwrt.org uses an invalid security certificate / expired on 12.2.2015 17:18

Saverio Proto zioproto at gmail.com
Sat Feb 14 14:36:19 EST 2015

I think the business model of StartSSL and others, is that they give
certificates for free, but you have to pay a lot in case you need to
revoke a certificate.

my 2 cents


2015-02-14 19:31 GMT+01:00 Alessandro Di Federico <ale+owrt at clearmind.me>:
> On Sat, 14 Feb 2015 18:21:41 +0100
> phaidros <phaidros at subsignal.org> wrote:
>> Nope, I would vote against StartSSL. I know it is free, but the
>> procedure sucks, and honestly: there is *one* company on the planet
>> givin out *free* SSL Certs .. if that doesn't ring bells, I dunno what
>> could :)
> They just say you're who you say you are, they don't have your private
> key. In any case, if you don't trust them, it doesn't matter, because
> they're part of the trusted set of the PKI, so everyone trusts them
> (and can be fooled by them). We could start talking about
> certificate pinning, but I don't think it's a priority right now.
> On Sat, 14 Feb 2015 09:35:29 -0800
> "Constantine A. Murenin" <mureninc at gmail.com> wrote:
>> No, WoSign also does.
>>     https://www.wosign.com/english/price.htm
>> In fact, WoSign gives out free certificates valid for 2-years, and
>> they also even let you have multiple CNs in the same cert (although
>> wildcast for free is not supported).
> Never tried them. StartSSL certificates last one year and are valid for
> one second level domain (e.g. openwrt.org) and a third level
> domain(e.g. wiki.openwrt.org), but you can have as many of them as you
> want (e.g. one for openwrt.org+wiki.openwrt.org and one for
> openwrt.org+www.openwrt.org).
> If the admins are interested in *my* help I'd go for StartSSL, for the
> simple reason that it takes 30 seconds to generate a new certificate,
> since I'm already using it.
> In the future, we'll all use Let's encrypt and be happy [1].
> In any case, I'd avoid CACert [2].
> --
> Alessandro Di Federico
> [1] https://letsencrypt.org/
> [2] https://bugzilla.mozilla.org/show_bug.cgi?id=215243
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list