@pfg: I know exactly how CAs work. I've built several. Wosign does not issue a cert without an email verification. You can look on their website. There's a nice big box to enter an email address to verify your domain…
Of course the cross signed cert works! That not the point. The cross signature is worthless if the signed cert beneath it is self-signed. If Identrust cross signed self signed certs, the self signed cert would be…
Oh yeah! sure... what exactly ensures that the DV cert is a DV cert?
The cross sign is too far up the chain. If you cross sign a self-signed cert what do you get? A Let's Encrypt Cert. Domain Ownership is not the same as file ownership.
No, it doesn't. Lets Encrypt certs are equivalent to self-signed certs. No hassle ==> broken shit.
a2enmod headers echo -e "ServerSignature Off\nServerTokens Prod" >> /etc/apache2/apache2.conf /etc/init.d/apache2 restart openssl req -new -nodes -keyout webappsec-test.info.key -out webappsec-test.info.csr -newkey…
@pfg: I know exactly how CAs work. I've built several. Wosign does not issue a cert without an email verification. You can look on their website. There's a nice big box to enter an email address to verify your domain…
Of course the cross signed cert works! That not the point. The cross signature is worthless if the signed cert beneath it is self-signed. If Identrust cross signed self signed certs, the self signed cert would be…
Oh yeah! sure... what exactly ensures that the DV cert is a DV cert?
The cross sign is too far up the chain. If you cross sign a self-signed cert what do you get? A Let's Encrypt Cert. Domain Ownership is not the same as file ownership.
No, it doesn't. Lets Encrypt certs are equivalent to self-signed certs. No hassle ==> broken shit.
a2enmod headers echo -e "ServerSignature Off\nServerTokens Prod" >> /etc/apache2/apache2.conf /etc/init.d/apache2 restart openssl req -new -nodes -keyout webappsec-test.info.key -out webappsec-test.info.csr -newkey…