|
| From: | Jeremy T. Bouse |
| Subject: | Re: [Sks-devel] Status flags are red |
| Date: | Mon, 28 Oct 2013 20:22:16 -0400 |
| User-agent: | Roundcube Webmail/0.7.1 |
On 28.10.2013 12:32, Kristian Fiskerstrand wrote:
On 10/28/2013 05:26 PM, Kiss Gabor (Bitman) wrote:BTW. A suggestion: yellow color could mean: SSL works but CA is other than expected.Red simply means that it is not considered for the pool, it is not in itself a status of success on the server. That said, I'll consider something like that. FWIW, you can use different certs for different hostnames using SNI, there are a few other servers like that in the pool, only offering the HKPS CA signed cert upon hkps.pool.sks-keyservers.net
Kristian,I use StartCom for my SSL CA provider and they allow SANs to be added for SNI. The only issue I could foresee is that in order to be able to use a domain for a SAN I need to verify the domain which is good for 30 days. It involves simply requesting the verification and then they send a code via email to the domain holder. I would assume that if I did so the verification code would go to you, question is would it be something to consider so that hkps.pool.sks-keyservers.net could be added as a SAN for my existing SSL configuration. I already have certs with other SANs in place on my servers. The other option would be potentially to use StartCom and setup an organizational verification with them. I do that for myself each year with a personal verification and then I verify my consulting company and client companies as organizations with myself as the responsible party. Costs me $60/year for my individual plus $60/year for each organization. I use them as I can then issue as many certificates under myself or organization for the year following the verification and the certs are good for 2 years.
| [Prev in Thread] | Current Thread | [Next in Thread] |