Re: dumb question about SSL

To: debian-user@lists.debian.org
Subject: Re: dumb question about SSL
From: Roberto C. Sánchez <roberto@debian.org>
Date: Sat, 12 Jan 2019 09:56:49 -0500
Message-id: <[🔎] 20190112145649.v47wbue4vg3ehato@santiago.connexer.com>
Mail-followup-to: Roberto C. Sánchez <roberto@debian.org>, debian-user@lists.debian.org
In-reply-to: <[🔎] 20190112092701.61a59150@jresid.jretrading.com>
References: <[🔎] 9298aa771bb08b6a7e4643b5ec679e01@gmail.com> <[🔎] 20190112092701.61a59150@jresid.jretrading.com>

On Sat, Jan 12, 2019 at 09:27:01AM +0000, Joe wrote:
> 
> Apache should be quite happy with the 'snakeoil' certificate made by
> Debian when it is installed.

Which should not be used in production or even in testing, as it
increases the likelihood that it will accidentally be deployed that way.

> There are a couple of other things that
> need to be done for SSL to work (such as enabling the Apache SSL
> module) and it's long enough ago that I did it last that you had better
> look up a few tutorials. If you need to make your web server available
> publicly (and the best of luck if you have the courage to do that) then
> its certificate must be traceable back to a public CA.
> 
That depends on who will be accessing the server in a way that requires
trusting the server.  A self-managed CA or even a self-signed
certificate may be perfectly adequate for a single user or small number
of users.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Reply to:

References:
- dumb question about SSL
  - From: mick crane <mick.crane@gmail.com>
- Re: dumb question about SSL
  - From: Joe <joe@jretrading.com>

Prev by Date: Re: The Dark Mod on Stretch?
Next by Date: Re: Setting a USB for multi usages
Previous by thread: Re: dumb question about SSL
Next by thread: php7.3-fpm segfaults
Index(es):
- Date
- Thread