INTL 3:770/1 3:770/3   
   REPLYADDR bp@www.zefox.net   
   REPLYTO 3:770/3.0 UUCP   
   MSGID:  df9164ce   
   REPLY:  7efa55fc   
   PID: SoupGate-Win32 v1.05   
   Lawrence D'Oliveiro  wrote:   
   > On Sun, 1 Sep 2024 00:23:58 -0000 (UTC), bp wrote:   
   >   
   >> Lawrence D'Oliviero's reply following yours touches on what I suspect is   
   >> my greatest misunderstanding: I thought a self-signed certificate stood   
   >> on its own.   
   >   
   > You can do it that way. That requires importing every single self-signed   
   > cert one by one.   
      
   That's what I thought the instructions cited in the FreeBSD Handbook did   
   and what I was trying to do initially.   
      
      
   > If you need several of these, then setting up your own CA   
   > just makes things simpler.   
      
   It appears there's something fundamental that I'm not understanding 8-(   
      
   In principle it would make sense to make a root CA for the   
   three domains (zefox.com, zefox.net and zefox.org) under my control   
   but if I disturb that one CA up all three become unreliable. I'm   
   starting with one domain (and its only physical host) in an attempt   
   to grade the learning curve a little flatter.   
      
   Thanks for writing!   
      
   bob prohaska   
      
   --- SoupGate-Win32 v1.05   
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)   
   SEEN-BY: 19/38 90/1 105/81 106/201 129/305 153/757 7715 218/700 840   
   SEEN-BY: 220/70 226/17 30 100 227/114 229/110 111 114 200 206 300   
   SEEN-BY: 229/317 400 426 428 470 550 616 664 700 266/512 267/800 282/1038   
   SEEN-BY: 291/111 292/854 310/31 320/219 322/757 342/200 396/45 460/58   
   SEEN-BY: 633/280 281 412 418 420 509 2744 712/848 770/1 3 100 330   
   SEEN-BY: 770/340 772/210 220 230 5020/400 5075/35   
   PATH: 770/3 1 633/280 229/426