[150195] in North American Network Operators' Group
Re: X.509 Certs For Personal Use
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Sat Feb 18 13:58:08 2012
In-Reply-To: <20120218104452.62cc383e@milhouse>
Date: Sat, 18 Feb 2012 13:57:25 -0500
From: Christopher Morrow <morrowc.lists@gmail.com>
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sat, Feb 18, 2012 at 10:44 AM, John Peach <john-nanog@johnpeach.com> wro=
te:
> On Sat, 18 Feb 2012 14:27:05 +0100
> Phil Regnauld <regnauld@nsrc.org> wrote:
>
>> toor (lists) writes:
>> > I use http://www.startssl.com/ for all my personal certifcates. I have
>> > not had any issues with the validations (once you have an account you
>> > can validate a domain by sending an email to a predefined list of
>> > contact addresses) and the certificates are issued instantly.
>>
>> =A0 =A0 =A0 "Your request is being held up for review by our personnel".
>>
>> =A0 =A0 =A0 Up to 6 hours. Must be their definition of instant :)
>
> It's nice to see that they actually do random reviews, rather than just
> issuing everything requested. I use startssl and have not had anything
> held for review.
I've had most of mine held, but almost always I get a response in side
of 20 mins. Really, what I care about here is:
1) cert validates in almost all clients (mozilla/chrome/mail.app)
2) controlled/secured by my key, not something made up on the server side
3) not paying money for random bytes.
it works and eddy's pretty quick on requests.
-chris
>>
>> =A0 =A0 =A0 Cheers,
>> =A0 =A0 =A0 Phil
>>
>
>
> --
> John
>
