At Mon, 16 Aug 2010 07:33:04 -0500, Rene Rivera wrote:
Just because a cert is not signed by a built-in CA doesn't make it invalid. Having either self signed certs or locally signed certs is a common occurrence (I do it for most of my own HTTPS/SSH sites). So I don't see a real reason to start paying a major CA for them to sign a cert.
I know that, but a lot of people don't. And web browsers are making untrusted CA signatures look increasingly alarming---it makes people nervous and degrades trust in Boost. I suppose, pretty soon, we may not need to have any https stuff on our own domain anyway, but as long as we do have to do that, it would be good to have a cert that doesn't raise any alarms. -- Dave Abrahams BoostPro Computing http://www.boostpro.com