Re: dumb question about SSL
- Date: Sat, 12 Jan 2019 09:56:49 -0500
- From: Roberto C. Sánchez <roberto@xxxxxxxxxx>
- Subject: Re: dumb question about SSL
On Sat, Jan 12, 2019 at 09:27:01AM +0000, Joe wrote:
> Apache should be quite happy with the 'snakeoil' certificate made by
> Debian when it is installed.
Which should not be used in production or even in testing, as it
increases the likelihood that it will accidentally be deployed that way.
> There are a couple of other things that
> need to be done for SSL to work (such as enabling the Apache SSL
> module) and it's long enough ago that I did it last that you had better
> look up a few tutorials. If you need to make your web server available
> publicly (and the best of luck if you have the courage to do that) then
> its certificate must be traceable back to a public CA.
That depends on who will be accessing the server in a way that requires
trusting the server. A self-managed CA or even a self-signed
certificate may be perfectly adequate for a single user or small number
Roberto C. Sánchez