[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8477) OpenLDAP.org has a broken TLS certificate

hyc@symas.com wrote:
> When I discussed this with Kurt, we decided to leave things as-is. Replacing 
> an expired self-signed cert with a non-expired self-signed cert wouldn't 
> change anything, you still need to set an explicit exception in your client to 
> trust the cert.

Hmm, but browsers will likely not allow adding an exception anymore in the near
future. And e.g. using Let's Encrypt isn't that hard (even without installing
the bloated standard client on the system).

Ciao, Michael.