Go Europe! Een nieuwe stap in het gebruik van meer Europese diensten. We hebben al onze LetsEncrypt SSL-certificaten (die gebruik je om veilig verbinding te maken met een website, https) vervangen door certificaten van Actalis. Dit werkt ook prima samen met certbot, en is ook gratis, maar dan wel Europees. #letsencrypt #europa #actalis #certbot #locaverdi

@Vivaldi @StartpageSearch @Qwant @ecosia @protonprivacy @jottacloud

#arubahosting for could and #actalis for SSL certificates: both italian companies.

Hat hier jemand schon Erfahrungen mit https://www.actalis.com als Ersatz und Alternative zu Let's Encrypt?
#tls #certificates #ssl #actalis #letsencrypt

@eigengott
Ja, gibt es.

https://european-alternatives.eu/de/kategorie/acme-ssl-zertifikat-anbieter

Vorher war die ZeroSSL GmbH für ACME klar zu empfehlen (keine rate limits und erlaubt multi-domains (SAN) certificates).
Mittlerweile wurde das Unternehmen durch einen Konzern aus Texas aufgekauft, wenn ich mich nicht irre. Schade war es.

#DID #acme #europeanAlternatives #dut #le #zerossl #Actalis #ActalisSSL

Für den Fall das jemand nach einem kostenlosen #smime #zertifikat sucht um seine E-Mails zu signieren oder zu verschlüsseln.

Bei #actalis actalis.com kann man sich kostenlose eins für ein Postfach für 1 Jahr anfordern und herunterladen.

Leider sind die #SMIME Zertifikate von #actalis nicht mehr kostenlos. Kennt ihr einen adäquaten Ersatz für den persönlichen Gebrauch?

@benjojo Thanks. I was curious and checked https://acmeclients.com/certificate-authorities/. This way I found #Actalis, a trusted Italian CA. They clearly offer some ACME support, but their free plan has no wildcard support and only a single domain (total or per certificate?) https://www.actalis.com/subscription

#TLS #CA #Certificate #ACME

Partnership Actalis - Alleantia: nasce il progetto "Trusted IoT": Actalis prima Certification Authority europea per gli SSL, parte del gruppo Aruba, qualificata secondo il regolamento eIDAS per l’erogazione di servizi certificati e riconosciuta in tutto il mondo per l’emissione di certificati SSL server - ha stretto una partnership con Alleantia, realta’...
#Actalis #Alleantia #GiorgioGirelli #TrustedIoT http://dlvr.it/SxpJ9s #News

@duxsco

You are absolutely right, they do, but it is the only free certificate available at the moment, which is still trusted by the email clients and CAs.

Buying a certificate with a proper CSR as you described, is the correct approach, but it costs 8 EUR per year per email account.

In a way that is why I prefer #openpgp, you are absolutely right in pointing out that #actalis has access to the private key, which is an unacceptable security risk for any application different than just signing trivial emails.

@jwildeboer

@jwildeboer I have been using S/MIME with #Thunderbird since at least 2015.

Many of the reasons described in the #letsEncrypt forum are true, which does not mean S/MIME is impossible to fix or use.

There is native support for S/MIME in many email clients both desktop and mobile/tablet, including most of the 'stock' clients installed by default in most of the devices, so this is not an issue.

I think the big problems are basically 2:

1.- Having a throwaway key and certificate every 30 days (as we do with Letsencrypt SSL/TLS) is very inconvenient because we would need to keep a long collection of them in order access old messages.

2.- People access their email from multiple devices, so syncing the private key securely across all of them becomes a challenge.

For the tech savvy, both problems are manageable:

1.- You can get a free S/MIME certificate from #Actalis valid for 1 year here:

https://www.actalis.com/s-mime-certificates.aspx

***
Please read a very important reply to this post by @duxsco pointing out to the insecurity of the Actalis certificate, and providing a secure but not free alternative.
***

2.- You can manually add this certificate to all your devices and keep an encrypted/secure repository with all your old keys and certificates in case you need to access your archived email.

I've been doing exactly that for years and it is just fine for signing my email.

IMHO for 'fixing' the whole signing and encryption of emails, #OpenPGP is conceptually closer to be a more consistent solution, and I use it with everyone who understands it, but I have to admit that the ecosystems is far less ready than for S/MIME (you will need to use specialised apps or installed plugins, etc.), Thunderbird being a shining exception.

PGP has several very powerful advantages:

1.- You don't need a CA for the sole purpose of generating your keys.

2.- You can use the same keys for many years.

3.- People who really trust each other can sign each other's keys creating a web-of-trust.

4.- There is a free network of keyservers where you can upload your public keys and make them available to everyone.

5.- Most people these days have their own website, blog or social media account where they can publish their public keys for cases when they distrust the public servers. They can manually exchange them too.

In the long run I believe we should promote the adoption of OpenPGP instead of S/MIME, with more people using it, native support should follow.

I am not an expert though, so I'd love to hear from others too. 😊

#pgp #gpg #privacidadebemboa

When you request a S/MIME certificate from #actalis.it CA, they generate a private key for you! Is this some kind of clue check to see what idiots use this? What a waste of time! #security #fail #smime #encryption #email #privacy