home.social

#cacert — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #cacert, aggregated by home.social.

  1. TIL

    pip install pip_system_certs

    Helps solving issues with requests and other Python libraries when you are installing custom CA certificates on the operating system and these are not recognized.

  2. @marcel the last #CAcert assurance I did was in 2013. I stopped using it myself I don't know how many years back. I think there would still be use for it, but it would require the root certs to be part of the major browser and OS trust chains.
    @cacert

  3. @marcel the last #CAcert assurance I did was in 2013. I stopped using it myself I don't know how many years back. I think there would still be use for it, but it would require the root certs to be part of the major browser and OS trust chains.
    @cacert

  4. @marcel the last #CAcert assurance I did was in 2013. I stopped using it myself I don't know how many years back. I think there would still be use for it, but it would require the root certs to be part of the major browser and OS trust chains.
    @cacert

  5. @marcel the last #CAcert assurance I did was in 2013. I stopped using it myself I don't know how many years back. I think there would still be use for it, but it would require the root certs to be part of the major browser and OS trust chains.
    @cacert

  6. @marcel the last #CAcert assurance I did was in 2013. I stopped using it myself I don't know how many years back. I think there would still be use for it, but it would require the root certs to be part of the major browser and OS trust chains.
    @cacert

  7. Scrolling through the internet searching for signs of life of #CAcert I found nerdcert.eu/ from @jwildeboer. Looks very interesting, but not much activity neither.
    @cacert

  8. Scrolling through the internet searching for signs of life of #CAcert I found nerdcert.eu/ from @jwildeboer. Looks very interesting, but not much activity neither.
    @cacert

  9. Scrolling through the internet searching for signs of life of #CAcert I found nerdcert.eu/ from @jwildeboer. Looks very interesting, but not much activity neither.
    @cacert

  10. Scrolling through the internet searching for signs of life of #CAcert I found nerdcert.eu/ from @jwildeboer. Looks very interesting, but not much activity neither.
    @cacert

  11. Scrolling through the internet searching for signs of life of #CAcert I found nerdcert.eu/ from @jwildeboer. Looks very interesting, but not much activity neither.
    @cacert

  12. @deepjoy
    Yes, I participated in two projects funded by #NLnet
    First, #CAcert (I was on the board from 2012 to 2016, most recently as Vice President). Then, from 2016 until its unfortunate discontinuation in 2022, I worked on the #WPIA project, again as Vice President and also as Managing Director.

    I have to say that the email server actually requires the least work of all.
    I use the #MailCow Suite @doncow , and a lot of it is already automated, and the individual components work together seamlessly.
    My mail server "serves" almost the entire family network, as well as 4 small businesses and a handful of clubs. So, about 10 or 12 "main domains", and around 20 or 25 alias domains.

    IP reputation hasn't worried me much either; I've only had one blacklisting issue in the last five years, but the hosting provider resolved it within a few hours. And of course, you have to ensure that #DKIM, #DMARC, #SPF etc. work together correctly. Then it becomes quite easy.
    So I'd say things have gotten easier since I started #selfhosting e-Mail years ago. (#mDaemon was my first hosting suite for e-Mail).

    Edit: I should also mention that I run an email setup with a primary mail server and a backup mail server.

    @yunohost @nlnet

  13. @deepjoy
    Yes, I participated in two projects funded by #NLnet
    First, #CAcert (I was on the board from 2012 to 2016, most recently as Vice President). Then, from 2016 until its unfortunate discontinuation in 2022, I worked on the #WPIA project, again as Vice President and also as Managing Director.

    I have to say that the email server actually requires the least work of all.
    I use the #MailCow Suite @doncow , and a lot of it is already automated, and the individual components work together seamlessly.
    My mail server "serves" almost the entire family network, as well as 4 small businesses and a handful of clubs. So, about 10 or 12 "main domains", and around 20 or 25 alias domains.

    IP reputation hasn't worried me much either; I've only had one blacklisting issue in the last five years, but the hosting provider resolved it within a few hours. And of course, you have to ensure that #DKIM, #DMARC, #SPF etc. work together correctly. Then it becomes quite easy.
    So I'd say things have gotten easier since I started #selfhosting e-Mail years ago. (#mDaemon was my first hosting suite for e-Mail).

    Edit: I should also mention that I run an email setup with a primary mail server and a backup mail server.

    @yunohost @nlnet

  14. @deepjoy
    Yes, I participated in two projects funded by #NLnet
    First, #CAcert (I was on the board from 2012 to 2016, most recently as Vice President). Then, from 2016 until its unfortunate discontinuation in 2022, I worked on the #WPIA project, again as Vice President and also as Managing Director.

    I have to say that the email server actually requires the least work of all.
    I use the #MailCow Suite @doncow , and a lot of it is already automated, and the individual components work together seamlessly.
    My mail server "serves" almost the entire family network, as well as 4 small businesses and a handful of clubs. So, about 10 or 12 "main domains", and around 20 or 25 alias domains.

    IP reputation hasn't worried me much either; I've only had one blacklisting issue in the last five years, but the hosting provider resolved it within a few hours. And of course, you have to ensure that #DKIM, #DMARC, #SPF etc. work together correctly. Then it becomes quite easy.
    So I'd say things have gotten easier since I started #selfhosting e-Mail years ago. (#mDaemon was my first hosting suite for e-Mail).

    Edit: I should also mention that I run an email setup with a primary mail server and a backup mail server.

    @yunohost @nlnet

  15. @deepjoy
    Yes, I participated in two projects funded by #NLnet
    First, #CAcert (I was on the board from 2012 to 2016, most recently as Vice President). Then, from 2016 until its unfortunate discontinuation in 2022, I worked on the #WPIA project, again as Vice President and also as Managing Director.

    I have to say that the email server actually requires the least work of all.
    I use the #MailCow Suite @doncow , and a lot of it is already automated, and the individual components work together seamlessly.
    My mail server "serves" almost the entire family network, as well as 4 small businesses and a handful of clubs. So, about 10 or 12 "main domains", and around 20 or 25 alias domains.

    IP reputation hasn't worried me much either; I've only had one blacklisting issue in the last five years, but the hosting provider resolved it within a few hours. And of course, you have to ensure that #DKIM, #DMARC, #SPF etc. work together correctly. Then it becomes quite easy.
    So I'd say things have gotten easier since I started #selfhosting e-Mail years ago. (#mDaemon was my first hosting suite for e-Mail).

    Edit: I should also mention that I run an email setup with a primary mail server and a backup mail server.

    @yunohost @nlnet

  16. @deepjoy
    Yes, I participated in two projects funded by #NLnet
    First, #CAcert (I was on the board from 2012 to 2016, most recently as Vice President). Then, from 2016 until its unfortunate discontinuation in 2022, I worked on the #WPIA project, again as Vice President and also as Managing Director.

    I have to say that the email server actually requires the least work of all.
    I use the #MailCow Suite @doncow , and a lot of it is already automated, and the individual components work together seamlessly.
    My mail server "serves" almost the entire family network, as well as 4 small businesses and a handful of clubs. So, about 10 or 12 "main domains", and around 20 or 25 alias domains.

    IP reputation hasn't worried me much either; I've only had one blacklisting issue in the last five years, but the hosting provider resolved it within a few hours. And of course, you have to ensure that #DKIM, #DMARC, #SPF etc. work together correctly. Then it becomes quite easy.
    So I'd say things have gotten easier since I started #selfhosting e-Mail years ago. (#mDaemon was my first hosting suite for e-Mail).

    Edit: I should also mention that I run an email setup with a primary mail server and a backup mail server.

    @yunohost @nlnet

  17. Bạn mới tự host và gặp khó khăn khi cài cert CA tùy chỉnh trên Android? Hãy bật chế độ nhà phát triển, vào Cài đặt > Bảo mật > Cài đặt chứng chỉ và thêm cert người dùng. Đối với Firefox, bật “Allow user certificates” trong “about:config”. Đảm bảo tên miền (appname.homelab) được trỏ đúng qua hosts hoặc DNS của Tailscale và kiểm tra ngày hết hạn cert. #selfhosted #Android #CACert #Tailscale #Caddy #Vietnam #tựhost #bảo_mật 🚀

    reddit.com/r/selfhosted/commen

  18. @fluepke Nutze die schon seit Jahren. Hatte nicht mitbekommen, dass das Angebot eingestellt wird. Scheinbar geringe Verbreitung und Akzeptanz.

    Es bleibt, als komplett kostenlose Community-CA nach dem Web-of-Trust-Prinzip, aktuell wohl nur cacert.org/

    #cacert

  19. @fluepke Nutze die schon seit Jahren. Hatte nicht mitbekommen, dass das Angebot eingestellt wird. Scheinbar geringe Verbreitung und Akzeptanz.

    Es bleibt, als komplett kostenlose Community-CA nach dem Web-of-Trust-Prinzip, aktuell wohl nur cacert.org/

    #cacert

  20. @fluepke Nutze die schon seit Jahren. Hatte nicht mitbekommen, dass das Angebot eingestellt wird. Scheinbar geringe Verbreitung und Akzeptanz.

    Es bleibt, als komplett kostenlose Community-CA nach dem Web-of-Trust-Prinzip, aktuell wohl nur cacert.org/

    #cacert

  21. @fluepke Nutze die schon seit Jahren. Hatte nicht mitbekommen, dass das Angebot eingestellt wird. Scheinbar geringe Verbreitung und Akzeptanz.

    Es bleibt, als komplett kostenlose Community-CA nach dem Web-of-Trust-Prinzip, aktuell wohl nur cacert.org/

    #cacert

  22. @fluepke Nutze die schon seit Jahren. Hatte nicht mitbekommen, dass das Angebot eingestellt wird. Scheinbar geringe Verbreitung und Akzeptanz.

    Es bleibt, als komplett kostenlose Community-CA nach dem Web-of-Trust-Prinzip, aktuell wohl nur cacert.org/

    #cacert

  23. @jwildeboer @mynacol
    Great. What do the entries look like that accept #letsencrypt and #CAcert.org for S/MIME certificates and disallow all others?

  24. @jwildeboer @mynacol
    Great. What do the entries look like that accept #letsencrypt and #CAcert.org for S/MIME certificates and disallow all others?

  25. @jwildeboer @mynacol
    Great. What do the entries look like that accept #letsencrypt and #CAcert.org for S/MIME certificates and disallow all others?

  26. @jwildeboer @mynacol
    Great. What do the entries look like that accept #letsencrypt and #CAcert.org for S/MIME certificates and disallow all others?

  27. @jwildeboer @mynacol
    Great. What do the entries look like that accept #letsencrypt and #CAcert.org for S/MIME certificates and disallow all others?

  28. This topic has been occupying my brain cycles for quite some time now. It's already so deep down that I spontaneously sing "I am CA" to the Village People's YMCA song :) So it's time to share with you all and get more input. (CA is Certification Authority in x.509 lingo, I'll explain it all in my blog series :) (Why didn't #cacert think about this many years ago? Damn ;)

    #nerdcert

  29. This topic has been occupying my brain cycles for quite some time now. It's already so deep down that I spontaneously sing "I am CA" to the Village People's YMCA song :) So it's time to share with you all and get more input. (CA is Certification Authority in x.509 lingo, I'll explain it all in my blog series :) (Why didn't #cacert think about this many years ago? Damn ;)

    #nerdcert

  30. This topic has been occupying my brain cycles for quite some time now. It's already so deep down that I spontaneously sing "I am CA" to the Village People's YMCA song :) So it's time to share with you all and get more input. (CA is Certification Authority in x.509 lingo, I'll explain it all in my blog series :) (Why didn't #cacert think about this many years ago? Damn ;)

    #nerdcert

  31. This topic has been occupying my brain cycles for quite some time now. It's already so deep down that I spontaneously sing "I am CA" to the Village People's YMCA song :) So it's time to share with you all and get more input. (CA is Certification Authority in x.509 lingo, I'll explain it all in my blog series :) (Why didn't #cacert think about this many years ago? Damn ;)

    #nerdcert

  32. @vlpatton The classic method is a key signing party. Get a bunch of people in the same room with legal photo identification and their fingerprints, and go around the room checking everyone else’s ID. Then, go home and sign everyone’s keys. Send the signed key to the key owner. Import signed keys and collect signatures!

    Key servers sharing signatures haven’t been a thing since the attacks years ago. Any modern keyserver will strip the signatures, so you’ll have to distribute your key with signatures some other way (WKD, DNS, a file on your web site, etc.).

    CAcert will do PGP key endorsements if you get enough assurances on their platform. Everyone with a signed key has had two forms of ID checked by two people. However, their infrastructure can only work on old-school RSA keys right now (they’re working on modernizing).

    #PGP #GnuPG #CAcert #KeySigningParty #cryptoparty #WebOfTrust

  33. @vlpatton The classic method is a key signing party. Get a bunch of people in the same room with legal photo identification and their fingerprints, and go around the room checking everyone else’s ID. Then, go home and sign everyone’s keys. Send the signed key to the key owner. Import signed keys and collect signatures!

    Key servers sharing signatures haven’t been a thing since the attacks years ago. Any modern keyserver will strip the signatures, so you’ll have to distribute your key with signatures some other way (WKD, DNS, a file on your web site, etc.).

    CAcert will do PGP key endorsements if you get enough assurances on their platform. Everyone with a signed key has had two forms of ID checked by two people. However, their infrastructure can only work on old-school RSA keys right now (they’re working on modernizing).

    #PGP #GnuPG #CAcert #KeySigningParty #cryptoparty #WebOfTrust

  34. @vlpatton The classic method is a key signing party. Get a bunch of people in the same room with legal photo identification and their fingerprints, and go around the room checking everyone else’s ID. Then, go home and sign everyone’s keys. Send the signed key to the key owner. Import signed keys and collect signatures!

    Key servers sharing signatures haven’t been a thing since the attacks years ago. Any modern keyserver will strip the signatures, so you’ll have to distribute your key with signatures some other way (WKD, DNS, a file on your web site, etc.).

    CAcert will do PGP key endorsements if you get enough assurances on their platform. Everyone with a signed key has had two forms of ID checked by two people. However, their infrastructure can only work on old-school RSA keys right now (they’re working on modernizing).

    #PGP #GnuPG #CAcert #KeySigningParty #cryptoparty #WebOfTrust

  35. @vlpatton The classic method is a key signing party. Get a bunch of people in the same room with legal photo identification and their fingerprints, and go around the room checking everyone else’s ID. Then, go home and sign everyone’s keys. Send the signed key to the key owner. Import signed keys and collect signatures!

    Key servers sharing signatures haven’t been a thing since the attacks years ago. Any modern keyserver will strip the signatures, so you’ll have to distribute your key with signatures some other way (WKD, DNS, a file on your web site, etc.).

    CAcert will do PGP key endorsements if you get enough assurances on their platform. Everyone with a signed key has had two forms of ID checked by two people. However, their infrastructure can only work on old-school RSA keys right now (they’re working on modernizing).

    #PGP #GnuPG #CAcert #KeySigningParty #cryptoparty #WebOfTrust

  36. @vlpatton The classic method is a key signing party. Get a bunch of people in the same room with legal photo identification and their fingerprints, and go around the room checking everyone else’s ID. Then, go home and sign everyone’s keys. Send the signed key to the key owner. Import signed keys and collect signatures!

    Key servers sharing signatures haven’t been a thing since the attacks years ago. Any modern keyserver will strip the signatures, so you’ll have to distribute your key with signatures some other way (WKD, DNS, a file on your web site, etc.).

    CAcert will do PGP key endorsements if you get enough assurances on their platform. Everyone with a signed key has had two forms of ID checked by two people. However, their infrastructure can only work on old-school RSA keys right now (they’re working on modernizing).

    #PGP #GnuPG #CAcert #KeySigningParty #cryptoparty #WebOfTrust

  37. @leyrer
    Ich sagte nicht, dass er tatsächlich "vertrauenswürdig" ist. Aber Faktum ist, dass es diesen und zwei weitere "Vertrauensdiensteanbieter" in Österreich gibt. Und es bieten alle Drei auch S/MIME kompatible Zertifikate an.

    Aber Du hast im Grunde schon recht, da geniesst bei mir #CAcert höheres Vertrauen als die drei zusammen.

  38. @leyrer
    Ich sagte nicht, dass er tatsächlich "vertrauenswürdig" ist. Aber Faktum ist, dass es diesen und zwei weitere "Vertrauensdiensteanbieter" in Österreich gibt. Und es bieten alle Drei auch S/MIME kompatible Zertifikate an.

    Aber Du hast im Grunde schon recht, da geniesst bei mir #CAcert höheres Vertrauen als die drei zusammen.

  39. @leyrer
    Ich sagte nicht, dass er tatsächlich "vertrauenswürdig" ist. Aber Faktum ist, dass es diesen und zwei weitere "Vertrauensdiensteanbieter" in Österreich gibt. Und es bieten alle Drei auch S/MIME kompatible Zertifikate an.

    Aber Du hast im Grunde schon recht, da geniesst bei mir #CAcert höheres Vertrauen als die drei zusammen.

  40. @leyrer
    Ich sagte nicht, dass er tatsächlich "vertrauenswürdig" ist. Aber Faktum ist, dass es diesen und zwei weitere "Vertrauensdiensteanbieter" in Österreich gibt. Und es bieten alle Drei auch S/MIME kompatible Zertifikate an.

    Aber Du hast im Grunde schon recht, da geniesst bei mir #CAcert höheres Vertrauen als die drei zusammen.

  41. @leyrer
    Ich sagte nicht, dass er tatsächlich "vertrauenswürdig" ist. Aber Faktum ist, dass es diesen und zwei weitere "Vertrauensdiensteanbieter" in Österreich gibt. Und es bieten alle Drei auch S/MIME kompatible Zertifikate an.

    Aber Du hast im Grunde schon recht, da geniesst bei mir #CAcert höheres Vertrauen als die drei zusammen.

  42. Für CAs ist es mit der Entfernung des <keygen> Element aus dem HTML Standard in der Tat nicht mehr so einfach die Private Keys komfortabel im Browser des Kunden erstellen zu lassen, diese in dessen Zertifikatsverwaltung zu schieben, ... aber #CAcert hat eine technische Lösung gefunden (siehe blog.cacert.org/2024/02/finall - auch wenn CAcert als allgemeine CA mangels Integration in den Browsern ausscheidet).

    6/x

    @Lioh @gnulinux

  43. Für CAs ist es mit der Entfernung des <keygen> Element aus dem HTML Standard in der Tat nicht mehr so einfach die Private Keys komfortabel im Browser des Kunden erstellen zu lassen, diese in dessen Zertifikatsverwaltung zu schieben, ... aber #CAcert hat eine technische Lösung gefunden (siehe blog.cacert.org/2024/02/finall - auch wenn CAcert als allgemeine CA mangels Integration in den Browsern ausscheidet).

    6/x

    @Lioh @gnulinux

  44. Für CAs ist es mit der Entfernung des <keygen> Element aus dem HTML Standard in der Tat nicht mehr so einfach die Private Keys komfortabel im Browser des Kunden erstellen zu lassen, diese in dessen Zertifikatsverwaltung zu schieben, ... aber #CAcert hat eine technische Lösung gefunden (siehe blog.cacert.org/2024/02/finall - auch wenn CAcert als allgemeine CA mangels Integration in den Browsern ausscheidet).

    6/x

    @Lioh @gnulinux

  45. Für CAs ist es mit der Entfernung des <keygen> Element aus dem HTML Standard in der Tat nicht mehr so einfach die Private Keys komfortabel im Browser des Kunden erstellen zu lassen, diese in dessen Zertifikatsverwaltung zu schieben, ... aber #CAcert hat eine technische Lösung gefunden (siehe blog.cacert.org/2024/02/finall - auch wenn CAcert als allgemeine CA mangels Integration in den Browsern ausscheidet).

    6/x

    @Lioh @gnulinux