Brion Vibber <brion(a)wikimedia.org> wrote:
>> Pretty much, yeah. :) We put
"real" certs on public-facing sites, but
>> just haven't bothered with what is essentially our tech department
>> intranet. (But since we're crazy people it's open if you want
>> to look at
>> it!)
> Wouldn't it be safer, and more
convenient, to have internal sites use an
> internally created CA instead of self-signed certificates?
Safer, but less convenient as it would take us a
few extra minutes to
set up which we might as well spend on buying an $8 public-friendly cert. ;)
Does this mean that if I make an earmarked donation we could
close this thread? :-)
Can I chip in a few more bucks to get the old MD5-hashed certs (like the
one for
) replaced? They may technically still be
safe (if just barely), but at least the "SSL Blacklist" Firefox
extension throws up a big scary warning about them and it's annoying to
have to click through it.
--
Ilmari Karonen