[olug] Building a web server for both security and performance in 2011

[Rob Townley]

It is worth remembering StartSSL was hacked this year, so if you have
a highly sensitive data, then you probably want to use a better
Certificate Authority.   FWIR, the attack was not as bad as the Comodo
attack in which a password was embedded in a .dll that was
downloadable and then used to get fraudulent google and microsoft and
yahoo and skype certificates.  However, details were not disclosed to
the public, so who knows.

If you run your own Certificate Authority, keep the top level
certificate offline completely after it used to create an intermediate
level authority.