Web lists-archives.com

Re: dumb question about SSL

On Sat, Jan 12, 2019 at 09:27:01AM +0000, Joe wrote:
> Apache should be quite happy with the 'snakeoil' certificate made by
> Debian when it is installed.

Which should not be used in production or even in testing, as it
increases the likelihood that it will accidentally be deployed that way.

> There are a couple of other things that
> need to be done for SSL to work (such as enabling the Apache SSL
> module) and it's long enough ago that I did it last that you had better
> look up a few tutorials. If you need to make your web server available
> publicly (and the best of luck if you have the courage to do that) then
> its certificate must be traceable back to a public CA.
That depends on who will be accessing the server in a way that requires
trusting the server.  A self-managed CA or even a self-signed
certificate may be perfectly adequate for a single user or small number
of users.



Roberto C. Sánchez