[Ach] (no subject)
szebi at gmx.at
Sun Jan 12 14:48:32 CET 2014
On 01/12/2014 01:18 PM, Andreas Mirbach wrote:
> Ok, I see StartSSL is a little difficult. But we can't provide a how-to
> for that, I think.
> Because every CA has a slightly different process and every CA already
> provides a how-to to obtain a certificate in their FAQs. If you're still in
> trouble I can help you to understand the StartSSL process.
> @all Ahmad pointed out that some SSL starters don't really know how to
> retrieve an SSL certificate. I can remember my first try on that. So
> maybe a section that describes the general process of generating a
> certificate and signing it by a CA would be very helpful. What do you say?
Do you know Section 3.8 on Public Key Infrastructure (PKI)? There's a
section about creating a certificate and signing it by an external CA, one
about building your own CA and one describes how to create a self-signed
We could refer to this section more often in the Practical Settings, but
then we would have that link in every section, which appears to me like
> Regards Andreas Mirbach
> Sent from my iPad
> On 12.01.2014, at 06:56, Ahmad Bilal <ahmadbilal200854 at gmail.com
> <mailto:ahmadbilal200854 at gmail.com>> wrote:
>> Also, I tried StartSSL at first, but got lost somewhere, and gave up
>> in between. So yes, people like me want to improve, just need the
>> light! :)
>> On 12 January 2014 11:25, Ahmad Bilal <ahmadbilal200854 at gmail.com
>> <mailto:ahmadbilal200854 at gmail.com>> wrote:
>> Thanks Rainer and Andreas. Yes, I was aware that it's not that
>> safe to trust GoDaddy, but to put it honestly, learning about
>> SSL/TLS/etc. is like starting all over again, after barely
>> learning programming. There are not many guides out there easily
>> searchable. It was just coincidence that I find out about
>> I have read the draft, it has been very helpful.. but my opinion
>> is, if the explanations are a bit more simple, then people will
>> benefit even more from it. As I said above, and it's also written
>> in the draft, that weak code written by programmers is a big
>> concern. It should not be assumed that a programmer would learn
>> coding, and then start to learn about cryptography. Instead,
>> ideally, one should learn cryptography and programming together,
>> so that means that midway, where a person has only grasped
>> intermediate concepts in programming, he should be introduced to
>> That means, in short, that it should be assumed that the SysAdmin
>> (at which this initiative is aimed) can be an average SysAdmin,
>> as well as a well-established SysAdmin.
>> I might be saying what has been already said, many times.. and I
>> mean no offense to anyone. I'm just resonating, what are my
>> honest feelings about this.
>> Thanks a lot, I hope to learn a lot around here.
>> On 12 January 2014 03:16, Andreas Mirbach <a.mirbach at me.com
>> <mailto:a.mirbach at me.com>> wrote:
>> Even if those certificate authorities have not been hacked,
>> you have to ask yourself "do you trust these third parties in
>> your chain". For websites that need to be reached over the
>> internet by unknown clients, you need them. But if you know
>> your clients, e.g. your company's computers, you can/should use
>> your own CAs. In my opinion there should be a more detailed
>> section about certificate authorities.
>> Andreas Mirbach
>> Sent from my iPad
>> On 11.01.2014, at 21:36, Rainer Hoerbe <rainer at hoerbe.at
>> <mailto:rainer at hoerbe.at>> wrote:
>>> Finding SHA1 collisions requires 2**63 tries (maybe a bit
>>> less). Faking a certificate this way is quite expensive;
>>> there are cheaper ways.
>>> No, you do not need to be worried, because the security value of
>>> those commercial certificates is near zero anyway. It has been
>>> insinuated that GoDaddy has been hacked in the past.
>>> The question is why to pay for a certificate of low value,
>>> when you can get the same product elsewhere for free, e.g.
>>> - Rainer
>>> On 11.01.2014 at 15:02, Ahmad Bilal
>>> <ahmadbilal200854 at gmail.com
>>> <mailto:ahmadbilal200854 at gmail.com>> wrote:
>>>> I have a question. I recently bought a certificate from
>>>> godaddy, and during the installation I chose SHA-2, but the
>>>> Certificate Signing Request in raw form has SHA-1 written
>>>> on it, and not SHA-2. Should I be worried?
>>>> /*Ahmad Bilal*/
>>>> Ach mailing list
>>>> Ach at lists.cert.at <mailto:Ach at lists.cert.at>
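The general flow Andreas asks for in the thread (generate a key, build a CSR, have a CA sign it), together with the point Ahmad raised at the bottom (the signature digest recorded in the raw CSR), as an added shell example using openssl. This is not code from the mailing list or from the Applied Crypto Hardening document: the CA is a constructed throwaway one standing in for StartSSL, GoDaddy or a company CA, the hostname www.example.test is a placeholder, and everything is written into a temporary directory that is removed on exit.

```shell
#!/bin/sh
# Added example (not from the Ach thread): key -> CSR -> CA-signed certificate
# with openssl, plus a check of which digest the CSR and certificate carry.
set -eu

WORK="$(mktemp -d)"                 # scratch directory for all artefacts
trap 'rm -rf "$WORK"' EXIT

# 1. Server key pair. The private key stays on the server; only the CSR
#    is sent to the CA.
make_server_key() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/server.key" 2>/dev/null
}

# 2. CSR, explicitly asking for SHA-256 as the request's signature digest.
#    Older openssl builds defaulted to SHA-1 here, which is what shows up as
#    "sha1WithRSAEncryption" when you dump a raw CSR without -sha256.
make_csr() {
    openssl req -new -sha256 -key "$WORK/server.key" \
        -subj "/CN=www.example.test" -out "$WORK/server.csr"
}

# 3. Throwaway CA: a self-signed certificate (constructed stand-in for any
#    external or internal CA).
make_ca() {
    openssl req -x509 -new -nodes -sha256 -days 1 \
        -newkey rsa:2048 -subj "/CN=Example Test CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# 4. The CA signs the CSR; the result is the server certificate.
sign_csr() {
    openssl x509 -req -sha256 -days 1 -in "$WORK/server.csr" \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/server.crt" 2>/dev/null
}

# Checks: which signature algorithm the CSR and the certificate carry.
csr_sig_alg() {
    openssl req -in "$WORK/server.csr" -noout -text \
        | grep 'Signature Algorithm' | head -n1 | awk '{print $NF}'
}
cert_sig_alg() {
    openssl x509 -in "$WORK/server.crt" -noout -text \
        | grep 'Signature Algorithm' | head -n1 | awk '{print $NF}'
}
# The issued certificate must chain to the CA that signed it.
verify_chain() {
    if openssl verify -CAfile "$WORK/ca.crt" "$WORK/server.crt" >/dev/null 2>&1; then
        echo ok
    else
        echo fail
    fi
}

main() {
    make_server_key
    make_csr
    make_ca
    sign_csr
    echo "CSR signed with:  $(csr_sig_alg)"
    echo "Cert signed with: $(cert_sig_alg)"
    echo "Chain verifies:   $(verify_chain)"
}
main
```

With a real CA the steps are the same except that step 3 does not happen on your machine and step 4 is done by the CA after it has validated control of the domain; what you submit is only server.csr. Re-running the dump without -sha256 on an old openssl shows where a SHA-1 CSR comes from, and the CA's own signature on the certificate is independent of the digest you chose for the CSR.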