Xfce sub-domains get ssl certificates

Jean-François Wauthy pollux at xfce.org
Sat Mar 26 09:42:07 CET 2011

Le samedi 26 mars 2011 à 02:32 +0200, Pasi Lallinaho a écrit :
> On 03/26/2011 12:53 AM, Nick Schermer wrote:
> > Folks,
> >
> > A number of Xfce sub-domains where users login and send data will get
> > ssl certificates and https-only access. As a start bugzilla.xfce.org
> > is https only. Translations, wiki and forum will follow. I'm not sure
> > the last two should be https-only but I guess it won't hurt, unless
> > someone complains (?).
> >
> > Cheers,
> > Nick
> > _______________________________________________
> > Xfce4-dev mailing list
> > Xfce4-dev at xfce.org
> > http://foo-projects.org/mailman/listinfo/xfce4-dev
> I think it's okay as long as the certificate is by a trusted issuer and
> you don't specifically need to "allow and untrusted connection". If you
> do need to do that, then it's ridiculous and you should allow normal
> HTTP access immediately.
They will be issued by a 'trusted' CA. But using self-signed
certificates or using your own CA (not trusted by your browser by
default) is not ridiculous because it provides encryption of your
connection that you can't have with HTTP. 

Self-signed certificates are useful when you don't want to waste money
on certs and to still provide an acceptable level of privacy for
communications with your website.

Jean-François Wauthy <jfw at p0llux.be>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://mail.xfce.org/pipermail/xfce4-dev/attachments/20110326/b3a0c5d5/attachment.pgp>

More information about the Xfce4-dev mailing list