I recently became comfortable with the idea that security is a process, like almost everything else in computing. This realization also brought some comfort with some of my failings as a human being.

But it let me give myself permission to quickly create a self-signed SSL certificate for dugga.net without really understanding what I was doing. I learned that when openssl asks for a fully qualified domain name, it doesn't mean keep the trailing dot. After a support message to the good folks at May First/People Link, my web host, they let me know that in an SSL cert (and, I'm guessing, most places outside of DNS zone files) the trailing dot was odd, but not technically wrong.

However, SSL Labs' Server Test gave my cert an "F" for this very reason. I feel like a foreigner in my own tribe most of the time. Very clearly defined terms like "fully qualified domain name" are often interpreted differently depending on context, and experience and mistakes are the only methods of discovering the boundaries of the culture. This causes me a lot of anxiety.

I'll be fixing and upgrading my certificate soon. I'm asking myself to bare with myself during this time of transition.