discuss AT lists.opennicproject.org

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] [TLD Discussion] .ssl

From: "Dmitry S. Nikolaev" <dn AT mega-net.ru>
To: discuss AT lists.opennicproject.org
Subject: Re: [opennic-discuss] [TLD Discussion] .ssl
Date: Mon, 1 Jan 2018 09:36:59 +0300
Organization: OOO Meganet-2003

I think it will be useless to do CA this way. Especially for users who
are not administrators.

Web-interface needed if you want users to use it.

Yes, you can tell that web-interface is not secured and I will agree.
But you can divide CA project in two parts:
- web-interface
- CA functions
And separate them to different servers.
Web-interface send commands to CA via client-server only and so you can
strictly firewall CA server.

This way I done it when wrote own CA for my company.
Maybe my experience will be useful for you.

With best regards, Dmitry S. Nikolaev
Moscow, Russia

On 01.01.2018 04:12, Jonah Aragon wrote:
> https://github.com/moderntld/moderntld-trust-store
>
> Jonah

[opennic-discuss] [TLD Discussion] .ssl, Matthias Merkel, 01/01/2018
- Re: [opennic-discuss] [TLD Discussion] .ssl, gitgud, 01/01/2018
  - Re: [opennic-discuss] [TLD Discussion] .ssl, Matthias Merkel, 01/01/2018
- Re: [opennic-discuss] [TLD Discussion] .ssl, Megan Parat, 01/01/2018
- Re: [opennic-discuss] [TLD Discussion] .ssl, Rouben, 01/01/2018
  - Re: [opennic-discuss] [TLD Discussion] .ssl, Matthias Merkel, 01/01/2018
- Re: [opennic-discuss] [TLD Discussion] .ssl, opennic, 01/01/2018
- Re: [opennic-discuss] [TLD Discussion] .ssl, Jonah Aragon, 01/01/2018
  - Re: [opennic-discuss] [TLD Discussion] .ssl, Matthias Merkel, 01/01/2018
    - Re: [opennic-discuss] [TLD Discussion] .ssl, Jonah Aragon, 01/01/2018
      - Re: [opennic-discuss] [TLD Discussion] .ssl, Dmitry S. Nikolaev, 01/01/2018
        
        Re: [opennic-discuss] [TLD Discussion] .ssl, Jonah Aragon, 01/01/2018
- Re: [opennic-discuss] [TLD Discussion] .ssl, Daniel Quintiliani, 01/01/2018