diff --git a/certificate.md b/certificate.md index 4137c4ff..525c8957 100644 --- a/certificate.md +++ b/certificate.md @@ -1,17 +1,14 @@ -#Certificate +# Certificate -Certificates are used to certify that your server is the genuine one and not a falsified one. +Certificates are used to certify that your server is the genuine one, and not an attacker trying to impersonate it. -YunoHost provides a **self-signed** certificate, it means that your server guaranty the certificate validity. It's enough **for personal usage**, because you trust your own server. But this could be a problem if you want to open access to anonymous like web user for a website. -Concretely users will go throw a screen like this: +YunoHost provides a **self-signed** certificate, it means that your server guaranties the certificate validity. It's enough **for personal usage**, because you trust your own server. But this could be a problem if you want to open access to anonymous like web user for a website. + +In practice, visitors will see a screen list this: -This screen ask to the user : **"Do you trust this server that host this website?"** -It could frighten a lot of users (rightly). - -To avoid this confusion, it's possible to get a signed certificate by a "known" authority : **Gandi**, **RapidSSL**, **StartSSL**, **CaCert**. -In these cases, the point is to replace the self-signed certificate with the one that has been certified by a certificate authority, and the users won't have this warning screen anymore. +Which basically asks the visitor : **"Do you trust the server hosting this website?"**. This can rightfully frighten a lot of people. To avoid this confusion, it's possible to get a certificate signed a known authority named **Let's Encrypt** which provide free certificates directly