Re: Community accounts and SSL

On Wed, 12 Mar 2008 14:33:13 -0700 Joshua D. Drake wrote:

> On Wed, 12 Mar 2008 17:25:11 -0400
> Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> > "Joshua D. Drake" <jd(at)commandprompt(dot)com> writes:
> > > That is certainly one way, but do we really need that? Isn't a self
> > > signed cert good enough?
> >
> > Self-signed certs on a public-facing website scream of amateurism.
> > Every time someone visits the site, their browser will complain
> > about it, and quite rightly.
>
> Well that isn't true. It asks once and that's it. I will admit
> though that FF3 certainly makes it abundantly clear that it doesn't like
> it that first time. As far as the amateurism, opinion vary :).

Yes, you can tell your browser not to complain again, that's true but
that's not what you want.

How should i know who issued the cert in the first place? Was it you,
Joshua, was the cert issued and signed by the www team or was it some
hacker just sitting in the middle between my dsl and the postgresql
infrastructure?

> > If you wanna do this, you need to pony up some cash to Verisign or
> > one of the other recognized CAs.
>
> Well like I said, we can do that. If that is the way the community
> wants to go. A 5 year wildcard cert which could be used across all
> subdomains is about 500.00.

We could also try CACert.

Kind regards

--
Andreas 'ads' Scherbaum
German PostgreSQL User Group
European PostgreSQL User Group - Board of Directors