Discussion in 'Forum Related Discussions' started by TheWindBringeth, Mar 18, 2013.
Old one on left, then saw the new one on right for a moment, now seeing the old one again
And now it's a new one, signed today and good for a little over a year.
Is everything OK?
The old self-signed certificate was due to expire on March 21, so, I needed to create a new one. But, my first attempt failed. I tried making one a little too complex for its own good. Certain values were too high with that one for it to be useable by all browsers. (Apparantly, more complex is not better, after all. )
Like the last two years, the new certificate is self-signed. And, I remain unapologetic for my decision to use a self-signed certificate over one produced by the CA system. My views are in my old posts on this, and remain unchanged by our previous two years of successful use of our own certs.
From the Forum's FAQ on HTTPS usage
Can I browse the forum using SSL/TLS encryption?
The forum can be browsed using HTTPS to provide encryption for the data sent between your browser and the forum server.
At present, the forum uses a self-signed certificate, rather than one supplied by a commercial Certificate Authority. The fingerprint of the current certificate is always available in the post announcing it in the General Topics section.
The only difference between a CA supplied certificate and one that is self signed is that a CA provides some measure of verification regarding "who" originally requested the certificate. For basic level certificates, the CA simply exchanges email with the requesting party, via the address on the website's domain registration. The assumption being that a person able to respond to their email must be the person who owns or manages the domain.
The encryption provided when using a self-signed certificate is exactly the same as that of a certificate signed by a CA.
The main downside to self-signing is that such certificates are not automatically recognized as trusted by main stream browsers. A certificate warning message will be produced when the browser encounters such a certificate. However, most browsers allow the user to approve the use of that certificate and to remember it so that future warnings will not be displayed.
Fingerprints for 2013 are as follows
SHA-1: B6 6C B2 E9 9B 88 3F 01 D4 F7 6F 50 46 68 A0 E5 B0 04 FE E4
SHA-256: 3B 50 F0 7C 60 4A 51 31 FF FF 57 0D 78 8C B0 58 77 36 A3 39 E4 0D 03 46 CC 36 19 C7 FD 82 D7 CA
Thanks mate, noticed the change when I logged on this morning. LOL that all the 'Privacy' area guys jumped right on it
Using a self-signed certificate on here is fine by me I for one wouldn't be here if i felt i couldn't trust ya
I'll trust a self signed certificate more than one issued by a certificate "authority".
Separate names with a comma.