Momentary cert change?

TheWindBringeth · Mar 19, 2013

Old one on left, then saw the new one on right for a moment, now seeing the old one again

mirimir · Mar 19, 2013

And now it's a new one, signed today and good for a little over a year.

Is everything OK?

LowWaterMark · Apr 3, 2015

The old self-signed certificate was due to expire on March 21, so, I needed to create a new one. But, my first attempt failed. I tried making one a little too complex for its own good. Certain values were too high with that one for it to be useable by all browsers. (Apparantly, more complex is not better, after all. )

Like the last two years, the new certificate is self-signed. And, I remain unapologetic for my decision to use a self-signed certificate over one produced by the CA system. My views are in my old posts on this, and remain unchanged by our previous two years of successful use of our own certs.

From the Forum's FAQ on HTTPS usage
Can I browse the forum using SSL/TLS encryption?

The forum can be browsed using HTTPS to provide encryption for the data sent between your browser and the forum server.

At present, the forum uses a self-signed certificate, rather than one supplied by a commercial Certificate Authority. The fingerprint of the current certificate is always available in the post announcing it in the General Topics section.

The only difference between a CA supplied certificate and one that is self signed is that a CA provides some measure of verification regarding "who" originally requested the certificate. For basic level certificates, the CA simply exchanges email with the requesting party, via the address on the website's domain registration. The assumption being that a person able to respond to their email must be the person who owns or manages the domain.

The encryption provided when using a self-signed certificate is exactly the same as that of a certificate signed by a CA.

The main downside to self-signing is that such certificates are not automatically recognized as trusted by main stream browsers. A certificate warning message will be produced when the browser encounters such a certificate. However, most browsers allow the user to approve the use of that certificate and to remember it so that future warnings will not be displayed.

Reference posts
https://www.wilderssecurity.com/showpost.php?p=2349462
https://www.wilderssecurity.com/showpost.php?p=2016280
https://www.wilderssecurity.com/showpost.php?p=1858009

Fingerprints for 2013 are as follows
SHA-1: B6 6C B2 E9 9B 88 3F 01 D4 F7 6F 50 46 68 A0 E5 B0 04 FE E4
SHA-256: 3B 50 F0 7C 60 4A 51 31 FF FF 57 0D 78 8C B0 58 77 36 A3 39 E4 0D 03 46 CC 36 19 C7 FD 82 D7 CA

PaulyDefran · Mar 19, 2013

Thanks mate, noticed the change when I logged on this morning. LOL that all the 'Privacy' area guys jumped right on it

PD

CloneRanger · Mar 19, 2013

@ LowWaterMark

Using a self-signed certificate on here is fine by me I for one wouldn't be here if i felt i couldn't trust ya

noone_particular · Mar 19, 2013

I'll trust a self signed certificate more than one issued by a certificate "authority".

Log in or Sign up

Momentary cert change?

TheWindBringeth Registered Member

mirimir Registered Member

LowWaterMark Administrator

PaulyDefran Registered Member

CloneRanger Registered Member

noone_particular Registered Member

Log in or Sign up

Momentary cert change?

TheWindBringeth Registered Member

mirimir Registered Member

LowWaterMark Administrator

PaulyDefran Registered Member

CloneRanger Registered Member

noone_particular Registered Member

Useful Searches