Momentary cert change?

Discussion in 'Forum Related Discussions' started by TheWindBringeth, Mar 18, 2013.

Thread Status:
Not open for further replies.
  1. TheWindBringeth

    TheWindBringeth Registered Member

    Feb 29, 2012
    Old one on left, then saw the new one on right for a moment, now seeing the old one again o_O
    Last edited by a moderator: Mar 19, 2013
  2. mirimir

    mirimir Registered Member

    Oct 1, 2011
    And now it's a new one, signed today and good for a little over a year.

    Is everything OK?
  3. LowWaterMark

    LowWaterMark Administrator

    Aug 10, 2002
    New England
    The old self-signed certificate was due to expire on March 21, so, I needed to create a new one. But, my first attempt failed. I tried making one a little too complex for its own good. Certain values were too high with that one for it to be useable by all browsers. (Apparantly, more complex is not better, after all. :rolleyes: )

    Like the last two years, the new certificate is self-signed. And, I remain unapologetic for my decision to use a self-signed certificate over one produced by the CA system. My views are in my old posts on this, and remain unchanged by our previous two years of successful use of our own certs.

    From the Forum's FAQ on HTTPS usage
    Can I browse the forum using SSL/TLS encryption?

    The forum can be browsed using HTTPS to provide encryption for the data sent between your browser and the forum server.

    At present, the forum uses a self-signed certificate, rather than one supplied by a commercial Certificate Authority. The fingerprint of the current certificate is always available in the post announcing it in the General Topics section.

    The only difference between a CA supplied certificate and one that is self signed is that a CA provides some measure of verification regarding "who" originally requested the certificate. For basic level certificates, the CA simply exchanges email with the requesting party, via the address on the website's domain registration. The assumption being that a person able to respond to their email must be the person who owns or manages the domain.

    The encryption provided when using a self-signed certificate is exactly the same as that of a certificate signed by a CA.

    The main downside to self-signing is that such certificates are not automatically recognized as trusted by main stream browsers. A certificate warning message will be produced when the browser encounters such a certificate. However, most browsers allow the user to approve the use of that certificate and to remember it so that future warnings will not be displayed.

    Reference posts

    Fingerprints for 2013 are as follows
    SHA-1: B6 6C B2 E9 9B 88 3F 01 D4 F7 6F 50 46 68 A0 E5 B0 04 FE E4
    SHA-256: 3B 50 F0 7C 60 4A 51 31 FF FF 57 0D 78 8C B0 58 77 36 A3 39 E4 0D 03 46 CC 36 19 C7 FD 82 D7 CA
    Last edited: Apr 3, 2015
  4. PaulyDefran

    PaulyDefran Registered Member

    Dec 1, 2011
    Thanks mate, noticed the change when I logged on this morning. LOL that all the 'Privacy' area guys jumped right on it :D

  5. CloneRanger

    CloneRanger Registered Member

    Jan 4, 2006
    @ LowWaterMark

    Using a self-signed certificate on here is fine by me :) I for one wouldn't be here if i felt i couldn't trust ya ;)
  6. noone_particular

    noone_particular Registered Member

    Aug 8, 2008
    I'll trust a self signed certificate more than one issued by a certificate "authority".
Thread Status:
Not open for further replies.