On 28/01/16 10:55, sycamoreone wrote:
> flapflap:
>> I get a certificate warning when visiting https://git.tails.boum.org,
>> issued by immerda.ch.
>
> The certificate served by https://git.tails.boum.org is signed by
> immerda.ch itself (CN of the issuer is immerda_public_web_4-ca), so it
> won't be accepted by browser by default.
and tails.boum.org / boum.org use a wildcard certificate *.boum.org
issued by Gandi
> But this is probably not much of a problem, as I don't believe that site
> is really for general use: The official place for Tails' Git
> repositories is https://git-tails.immerda.ch/, which has a proper
> certificate signed by Gandi Standard SSL CA 2. git.tails.boum.org is
> only used by "developers with write access to the repositories" (see
> https://tails.boum.org/contribute/git/).
>
> That of course doesn't mean that having a letsencrypt certificate
> wouldn't be great :).
I guess it depends on what the certificate is intended to be used for. I
think supporting CA-Cert is also a good thing (tm).
Whatever, I guess documented consistency is important.
Shine,
Adam.