#cacert — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cacert, aggregated by home.social.
-
Scrolling through the internet searching for signs of life of #CAcert I found https://nerdcert.eu/ from @jwildeboer. Looks very interesting, but not much activity neither.
@cacert -
Scrolling through the internet searching for signs of life of #CAcert I found https://nerdcert.eu/ from @jwildeboer. Looks very interesting, but not much activity neither.
@cacert -
Scrolling through the internet searching for signs of life of #CAcert I found https://nerdcert.eu/ from @jwildeboer. Looks very interesting, but not much activity neither.
@cacert -
Scrolling through the internet searching for signs of life of #CAcert I found https://nerdcert.eu/ from @jwildeboer. Looks very interesting, but not much activity neither.
@cacert -
Scrolling through the internet searching for signs of life of #CAcert I found https://nerdcert.eu/ from @jwildeboer. Looks very interesting, but not much activity neither.
@cacert -
-
-
-
-
-
@deepjoy
Yes, I participated in two projects funded by #NLnet
First, #CAcert (I was on the board from 2012 to 2016, most recently as Vice President). Then, from 2016 until its unfortunate discontinuation in 2022, I worked on the #WPIA project, again as Vice President and also as Managing Director.I have to say that the email server actually requires the least work of all.
I use the #MailCow Suite @doncow , and a lot of it is already automated, and the individual components work together seamlessly.
My mail server "serves" almost the entire family network, as well as 4 small businesses and a handful of clubs. So, about 10 or 12 "main domains", and around 20 or 25 alias domains.IP reputation hasn't worried me much either; I've only had one blacklisting issue in the last five years, but the hosting provider resolved it within a few hours. And of course, you have to ensure that #DKIM, #DMARC, #SPF etc. work together correctly. Then it becomes quite easy.
So I'd say things have gotten easier since I started #selfhosting e-Mail years ago. (#mDaemon was my first hosting suite for e-Mail).Edit: I should also mention that I run an email setup with a primary mail server and a backup mail server.
-
@deepjoy
Yes, I participated in two projects funded by #NLnet
First, #CAcert (I was on the board from 2012 to 2016, most recently as Vice President). Then, from 2016 until its unfortunate discontinuation in 2022, I worked on the #WPIA project, again as Vice President and also as Managing Director.I have to say that the email server actually requires the least work of all.
I use the #MailCow Suite @doncow , and a lot of it is already automated, and the individual components work together seamlessly.
My mail server "serves" almost the entire family network, as well as 4 small businesses and a handful of clubs. So, about 10 or 12 "main domains", and around 20 or 25 alias domains.IP reputation hasn't worried me much either; I've only had one blacklisting issue in the last five years, but the hosting provider resolved it within a few hours. And of course, you have to ensure that #DKIM, #DMARC, #SPF etc. work together correctly. Then it becomes quite easy.
So I'd say things have gotten easier since I started #selfhosting e-Mail years ago. (#mDaemon was my first hosting suite for e-Mail).Edit: I should also mention that I run an email setup with a primary mail server and a backup mail server.
-
@deepjoy
Yes, I participated in two projects funded by #NLnet
First, #CAcert (I was on the board from 2012 to 2016, most recently as Vice President). Then, from 2016 until its unfortunate discontinuation in 2022, I worked on the #WPIA project, again as Vice President and also as Managing Director.I have to say that the email server actually requires the least work of all.
I use the #MailCow Suite @doncow , and a lot of it is already automated, and the individual components work together seamlessly.
My mail server "serves" almost the entire family network, as well as 4 small businesses and a handful of clubs. So, about 10 or 12 "main domains", and around 20 or 25 alias domains.IP reputation hasn't worried me much either; I've only had one blacklisting issue in the last five years, but the hosting provider resolved it within a few hours. And of course, you have to ensure that #DKIM, #DMARC, #SPF etc. work together correctly. Then it becomes quite easy.
So I'd say things have gotten easier since I started #selfhosting e-Mail years ago. (#mDaemon was my first hosting suite for e-Mail).Edit: I should also mention that I run an email setup with a primary mail server and a backup mail server.
-
@deepjoy
Yes, I participated in two projects funded by #NLnet
First, #CAcert (I was on the board from 2012 to 2016, most recently as Vice President). Then, from 2016 until its unfortunate discontinuation in 2022, I worked on the #WPIA project, again as Vice President and also as Managing Director.I have to say that the email server actually requires the least work of all.
I use the #MailCow Suite @doncow , and a lot of it is already automated, and the individual components work together seamlessly.
My mail server "serves" almost the entire family network, as well as 4 small businesses and a handful of clubs. So, about 10 or 12 "main domains", and around 20 or 25 alias domains.IP reputation hasn't worried me much either; I've only had one blacklisting issue in the last five years, but the hosting provider resolved it within a few hours. And of course, you have to ensure that #DKIM, #DMARC, #SPF etc. work together correctly. Then it becomes quite easy.
So I'd say things have gotten easier since I started #selfhosting e-Mail years ago. (#mDaemon was my first hosting suite for e-Mail).Edit: I should also mention that I run an email setup with a primary mail server and a backup mail server.
-
@deepjoy
Yes, I participated in two projects funded by #NLnet
First, #CAcert (I was on the board from 2012 to 2016, most recently as Vice President). Then, from 2016 until its unfortunate discontinuation in 2022, I worked on the #WPIA project, again as Vice President and also as Managing Director.I have to say that the email server actually requires the least work of all.
I use the #MailCow Suite @doncow , and a lot of it is already automated, and the individual components work together seamlessly.
My mail server "serves" almost the entire family network, as well as 4 small businesses and a handful of clubs. So, about 10 or 12 "main domains", and around 20 or 25 alias domains.IP reputation hasn't worried me much either; I've only had one blacklisting issue in the last five years, but the hosting provider resolved it within a few hours. And of course, you have to ensure that #DKIM, #DMARC, #SPF etc. work together correctly. Then it becomes quite easy.
So I'd say things have gotten easier since I started #selfhosting e-Mail years ago. (#mDaemon was my first hosting suite for e-Mail).Edit: I should also mention that I run an email setup with a primary mail server and a backup mail server.
-
Bạn mới tự host và gặp khó khăn khi cài cert CA tùy chỉnh trên Android? Hãy bật chế độ nhà phát triển, vào Cài đặt > Bảo mật > Cài đặt chứng chỉ và thêm cert người dùng. Đối với Firefox, bật “Allow user certificates” trong “about:config”. Đảm bảo tên miền (appname.homelab) được trỏ đúng qua hosts hoặc DNS của Tailscale và kiểm tra ngày hết hạn cert. #selfhosted #Android #CACert #Tailscale #Caddy #Vietnam #tựhost #bảo_mật 🚀
https://www.reddit.com/r/selfhosted/comments/1q66i7n/ca_certificates_on
-
@fluepke Nutze die schon seit Jahren. Hatte nicht mitbekommen, dass das Angebot eingestellt wird. Scheinbar geringe Verbreitung und Akzeptanz.
Es bleibt, als komplett kostenlose Community-CA nach dem Web-of-Trust-Prinzip, aktuell wohl nur https://cacert.org/
-
@fluepke Nutze die schon seit Jahren. Hatte nicht mitbekommen, dass das Angebot eingestellt wird. Scheinbar geringe Verbreitung und Akzeptanz.
Es bleibt, als komplett kostenlose Community-CA nach dem Web-of-Trust-Prinzip, aktuell wohl nur https://cacert.org/
-
@fluepke Nutze die schon seit Jahren. Hatte nicht mitbekommen, dass das Angebot eingestellt wird. Scheinbar geringe Verbreitung und Akzeptanz.
Es bleibt, als komplett kostenlose Community-CA nach dem Web-of-Trust-Prinzip, aktuell wohl nur https://cacert.org/
-
@fluepke Nutze die schon seit Jahren. Hatte nicht mitbekommen, dass das Angebot eingestellt wird. Scheinbar geringe Verbreitung und Akzeptanz.
Es bleibt, als komplett kostenlose Community-CA nach dem Web-of-Trust-Prinzip, aktuell wohl nur https://cacert.org/
-
@fluepke Nutze die schon seit Jahren. Hatte nicht mitbekommen, dass das Angebot eingestellt wird. Scheinbar geringe Verbreitung und Akzeptanz.
Es bleibt, als komplett kostenlose Community-CA nach dem Web-of-Trust-Prinzip, aktuell wohl nur https://cacert.org/
-
@jwildeboer @mynacol
Great. What do the entries look like that accept #letsencrypt and #CAcert.org for S/MIME certificates and disallow all others? -
@jwildeboer @mynacol
Great. What do the entries look like that accept #letsencrypt and #CAcert.org for S/MIME certificates and disallow all others? -
@jwildeboer @mynacol
Great. What do the entries look like that accept #letsencrypt and #CAcert.org for S/MIME certificates and disallow all others? -
@jwildeboer @mynacol
Great. What do the entries look like that accept #letsencrypt and #CAcert.org for S/MIME certificates and disallow all others? -
@jwildeboer @mynacol
Great. What do the entries look like that accept #letsencrypt and #CAcert.org for S/MIME certificates and disallow all others? -
This topic has been occupying my brain cycles for quite some time now. It's already so deep down that I spontaneously sing "I am CA" to the Village People's YMCA song :) So it's time to share with you all and get more input. (CA is Certification Authority in x.509 lingo, I'll explain it all in my blog series :) (Why didn't #cacert think about this many years ago? Damn ;)
-
This topic has been occupying my brain cycles for quite some time now. It's already so deep down that I spontaneously sing "I am CA" to the Village People's YMCA song :) So it's time to share with you all and get more input. (CA is Certification Authority in x.509 lingo, I'll explain it all in my blog series :) (Why didn't #cacert think about this many years ago? Damn ;)
-
This topic has been occupying my brain cycles for quite some time now. It's already so deep down that I spontaneously sing "I am CA" to the Village People's YMCA song :) So it's time to share with you all and get more input. (CA is Certification Authority in x.509 lingo, I'll explain it all in my blog series :) (Why didn't #cacert think about this many years ago? Damn ;)
-
This topic has been occupying my brain cycles for quite some time now. It's already so deep down that I spontaneously sing "I am CA" to the Village People's YMCA song :) So it's time to share with you all and get more input. (CA is Certification Authority in x.509 lingo, I'll explain it all in my blog series :) (Why didn't #cacert think about this many years ago? Damn ;)
-
@vlpatton The classic method is a key signing party. Get a bunch of people in the same room with legal photo identification and their fingerprints, and go around the room checking everyone else’s ID. Then, go home and sign everyone’s keys. Send the signed key to the key owner. Import signed keys and collect signatures!
Key servers sharing signatures haven’t been a thing since the attacks years ago. Any modern keyserver will strip the signatures, so you’ll have to distribute your key with signatures some other way (WKD, DNS, a file on your web site, etc.).
CAcert will do PGP key endorsements if you get enough assurances on their platform. Everyone with a signed key has had two forms of ID checked by two people. However, their infrastructure can only work on old-school RSA keys right now (they’re working on modernizing).
#PGP #GnuPG #CAcert #KeySigningParty #cryptoparty #WebOfTrust
-
@vlpatton The classic method is a key signing party. Get a bunch of people in the same room with legal photo identification and their fingerprints, and go around the room checking everyone else’s ID. Then, go home and sign everyone’s keys. Send the signed key to the key owner. Import signed keys and collect signatures!
Key servers sharing signatures haven’t been a thing since the attacks years ago. Any modern keyserver will strip the signatures, so you’ll have to distribute your key with signatures some other way (WKD, DNS, a file on your web site, etc.).
CAcert will do PGP key endorsements if you get enough assurances on their platform. Everyone with a signed key has had two forms of ID checked by two people. However, their infrastructure can only work on old-school RSA keys right now (they’re working on modernizing).
#PGP #GnuPG #CAcert #KeySigningParty #cryptoparty #WebOfTrust
-
@vlpatton The classic method is a key signing party. Get a bunch of people in the same room with legal photo identification and their fingerprints, and go around the room checking everyone else’s ID. Then, go home and sign everyone’s keys. Send the signed key to the key owner. Import signed keys and collect signatures!
Key servers sharing signatures haven’t been a thing since the attacks years ago. Any modern keyserver will strip the signatures, so you’ll have to distribute your key with signatures some other way (WKD, DNS, a file on your web site, etc.).
CAcert will do PGP key endorsements if you get enough assurances on their platform. Everyone with a signed key has had two forms of ID checked by two people. However, their infrastructure can only work on old-school RSA keys right now (they’re working on modernizing).
#PGP #GnuPG #CAcert #KeySigningParty #cryptoparty #WebOfTrust
-
@vlpatton The classic method is a key signing party. Get a bunch of people in the same room with legal photo identification and their fingerprints, and go around the room checking everyone else’s ID. Then, go home and sign everyone’s keys. Send the signed key to the key owner. Import signed keys and collect signatures!
Key servers sharing signatures haven’t been a thing since the attacks years ago. Any modern keyserver will strip the signatures, so you’ll have to distribute your key with signatures some other way (WKD, DNS, a file on your web site, etc.).
CAcert will do PGP key endorsements if you get enough assurances on their platform. Everyone with a signed key has had two forms of ID checked by two people. However, their infrastructure can only work on old-school RSA keys right now (they’re working on modernizing).
#PGP #GnuPG #CAcert #KeySigningParty #cryptoparty #WebOfTrust
-
@vlpatton The classic method is a key signing party. Get a bunch of people in the same room with legal photo identification and their fingerprints, and go around the room checking everyone else’s ID. Then, go home and sign everyone’s keys. Send the signed key to the key owner. Import signed keys and collect signatures!
Key servers sharing signatures haven’t been a thing since the attacks years ago. Any modern keyserver will strip the signatures, so you’ll have to distribute your key with signatures some other way (WKD, DNS, a file on your web site, etc.).
CAcert will do PGP key endorsements if you get enough assurances on their platform. Everyone with a signed key has had two forms of ID checked by two people. However, their infrastructure can only work on old-school RSA keys right now (they’re working on modernizing).
#PGP #GnuPG #CAcert #KeySigningParty #cryptoparty #WebOfTrust
-
@leyrer
Ich sagte nicht, dass er tatsächlich "vertrauenswürdig" ist. Aber Faktum ist, dass es diesen und zwei weitere "Vertrauensdiensteanbieter" in Österreich gibt. Und es bieten alle Drei auch S/MIME kompatible Zertifikate an.Aber Du hast im Grunde schon recht, da geniesst bei mir #CAcert höheres Vertrauen als die drei zusammen.
-
@leyrer
Ich sagte nicht, dass er tatsächlich "vertrauenswürdig" ist. Aber Faktum ist, dass es diesen und zwei weitere "Vertrauensdiensteanbieter" in Österreich gibt. Und es bieten alle Drei auch S/MIME kompatible Zertifikate an.Aber Du hast im Grunde schon recht, da geniesst bei mir #CAcert höheres Vertrauen als die drei zusammen.
-
@leyrer
Ich sagte nicht, dass er tatsächlich "vertrauenswürdig" ist. Aber Faktum ist, dass es diesen und zwei weitere "Vertrauensdiensteanbieter" in Österreich gibt. Und es bieten alle Drei auch S/MIME kompatible Zertifikate an.Aber Du hast im Grunde schon recht, da geniesst bei mir #CAcert höheres Vertrauen als die drei zusammen.
-
@leyrer
Ich sagte nicht, dass er tatsächlich "vertrauenswürdig" ist. Aber Faktum ist, dass es diesen und zwei weitere "Vertrauensdiensteanbieter" in Österreich gibt. Und es bieten alle Drei auch S/MIME kompatible Zertifikate an.Aber Du hast im Grunde schon recht, da geniesst bei mir #CAcert höheres Vertrauen als die drei zusammen.
-
@leyrer
Ich sagte nicht, dass er tatsächlich "vertrauenswürdig" ist. Aber Faktum ist, dass es diesen und zwei weitere "Vertrauensdiensteanbieter" in Österreich gibt. Und es bieten alle Drei auch S/MIME kompatible Zertifikate an.Aber Du hast im Grunde schon recht, da geniesst bei mir #CAcert höheres Vertrauen als die drei zusammen.
-
Für CAs ist es mit der Entfernung des <keygen> Element aus dem HTML Standard in der Tat nicht mehr so einfach die Private Keys komfortabel im Browser des Kunden erstellen zu lassen, diese in dessen Zertifikatsverwaltung zu schieben, ... aber #CAcert hat eine technische Lösung gefunden (siehe https://blog.cacert.org/2024/02/finally-create-a-client-certificate-in-the-browser/ - auch wenn CAcert als allgemeine CA mangels Integration in den Browsern ausscheidet).
6/x
-
Für CAs ist es mit der Entfernung des <keygen> Element aus dem HTML Standard in der Tat nicht mehr so einfach die Private Keys komfortabel im Browser des Kunden erstellen zu lassen, diese in dessen Zertifikatsverwaltung zu schieben, ... aber #CAcert hat eine technische Lösung gefunden (siehe https://blog.cacert.org/2024/02/finally-create-a-client-certificate-in-the-browser/ - auch wenn CAcert als allgemeine CA mangels Integration in den Browsern ausscheidet).
6/x
-
Für CAs ist es mit der Entfernung des <keygen> Element aus dem HTML Standard in der Tat nicht mehr so einfach die Private Keys komfortabel im Browser des Kunden erstellen zu lassen, diese in dessen Zertifikatsverwaltung zu schieben, ... aber #CAcert hat eine technische Lösung gefunden (siehe https://blog.cacert.org/2024/02/finally-create-a-client-certificate-in-the-browser/ - auch wenn CAcert als allgemeine CA mangels Integration in den Browsern ausscheidet).
6/x
-
Für CAs ist es mit der Entfernung des <keygen> Element aus dem HTML Standard in der Tat nicht mehr so einfach die Private Keys komfortabel im Browser des Kunden erstellen zu lassen, diese in dessen Zertifikatsverwaltung zu schieben, ... aber #CAcert hat eine technische Lösung gefunden (siehe https://blog.cacert.org/2024/02/finally-create-a-client-certificate-in-the-browser/ - auch wenn CAcert als allgemeine CA mangels Integration in den Browsern ausscheidet).
6/x