Yes, letsencrypt.org is an effort to make it possible for small folks like us to have ssl certs, adressing both cost and complexity. In the meantime, I've done self-signed ones, but installation is a pain... --dave On 03/23/2015 09:21 PM, Christopher Browne wrote:
Someone (I don't know whom) wasn't thrilled to have their Mailman password sent to our web site via non-SSL, hence non-encrypted connection. Which points to it being desirable to have an SSL cert.
We could doubtless set up a self-signed cert; that's obviously not going to go through without "oh, that mightn't be totally legit" warnings.
We'd not be overly keen on "spending all our substance" on SSL certs, not when the only use is to protect Mailman passwords. I hear Mozilla may be coming out with something later this year (something called "letsencrypt.org"); anyone have other bright ideas?
-- David Collier-Brown, | Always do right. This will gratify System Programmer and Author | some people and astonish the rest davecb@spamcop.net | -- Mark Twain