SSL Certificates are expensive, and most CAs aren’t that respectable anyhow, so why are we all using their certificates to prove we trust each other? I figure you’re here for one of two reasons. You’re either my friend and got here accidentally or you’re looking for computer advice; you either trust me because we’re friends, or you trust me enough to make your computer work better.
EDIT 2016: This is fixed with Let’s Encrypt. Go use that.
Either way, you trust me enough to bypass the invalid SSL warning that people get when viewing my site. Since most of what I write isn’t end-user oriented, I make a lot of assumptions, and one of those is that it is easier to add an exception than it is to constantly click ‘go ahead’. Rather than doing that, I figured I’d make available the CA chain for my home DC, so that you too can do things properly.
Most people agree that CAs are bad: who knows if you can trust them? They constantly fuck up their own security, knowingly issue keys to generate fake SSL certificates, charge extortionate rates, and generally behave unlike someone I should trust.
I’d much rather be able to add certificate chains based on the level of trust I place in a website than rely on some corporate list of companies that continue to prove themselves untrustworthy. So, here’s my CA info. This is run off of a domain controller I have in my house, and the following will always link to the latest certificate, CA chain, and revocation lists:
The CRL has two parts: the Base, which is the whole list, and the Delta, which holds only the changes since the previous version. You probably want the full version if you didn’t already know that.
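An added example (not from the original post) of how a client combines a Base and a Delta CRL, following the rules in RFC 5280 section 5.2.4. It models each CRL as a plain object rather than parsing DER; the `Crl` class, the issuer name, and the serial numbers are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional

REMOVE_FROM_CRL = "removeFromCRL"  # reason code 8: entry leaves the list

@dataclass
class Crl:
    issuer: str
    crl_number: int                         # CRLNumber extension
    revoked: Dict[int, str]                 # serial -> reason
    base_crl_number: Optional[int] = None   # set only on a Delta CRL

def effective_revoked(base: Crl, delta: Optional[Crl] = None) -> Dict[int, str]:
    """Return the revocation list a client should act on."""
    if base.base_crl_number is not None:
        # A Delta alone omits everything revoked before its base was issued.
        raise ValueError("a Delta CRL cannot be used without its Base")
    revoked = dict(base.revoked)
    if delta is None:
        return revoked
    if delta.base_crl_number is None:
        raise ValueError("second CRL is not a Delta")
    if delta.issuer != base.issuer:
        raise ValueError("issuer mismatch")
    # The Base must be at least as new as the one the Delta was built
    # against, and the Delta must be newer than the Base.
    if not (delta.base_crl_number <= base.crl_number < delta.crl_number):
        raise ValueError("Delta does not apply to this Base")
    for serial, reason in delta.revoked.items():
        if reason == REMOVE_FROM_CRL:
            revoked.pop(serial, None)       # e.g. a hold that was released
        else:
            revoked[serial] = reason
    return revoked

# Constructed sample data.
ISSUER = "CN=Example Home CA"
BASE = Crl(ISSUER, 10, {0x1001: "keyCompromise", 0x1002: "certificateHold"})
DELTA = Crl(ISSUER, 12, {0x1002: REMOVE_FROM_CRL,
                         0x1003: "cessationOfOperation"}, base_crl_number=10)

if __name__ == "__main__":
    for serial, reason in sorted(effective_revoked(BASE, DELTA).items()):
        print(hex(serial), reason)
```
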
Certificate Authority Chain:
I’ll be switching the site to self-signed certs as soon as my current cert expires. So, still a while to go.
UPDATE: Turns out doing this just knocks your web traffic down by about 95%, so don’t bother. :(