[SAC] Broken https and incorrect/expiring certs

Alex Lake alake at palantir.com
Wed Apr 6 12:50:16 PDT 2016 

Hello,

I am having issues accessing:
https://download.osgeo.org/webdav/geotools/<https://urldefense.proofpoint.com/v2/url?u=https-3A__download.osgeo.org_webdav_geotools_&d=CwMFAw&c=izlc9mHr637UR4lpLEZLFFS3Vn2UXBrZ4tFb6oOnmz8&r=bOmYm8mDloNHRaNOagZndBLZ6OwF6F2NupJ6wlVy5-M&m=r95AhJ879wey4X-NSVOetI_NOoAcLR-nB9t05-cTR1Y&s=QsCKwi1iDwlSVysDWOqAda664sJSBLvhqSSaUdLDC4I&e=> (and https://download.osgeo.org/<https://urldefense.proofpoint.com/v2/url?u=https-3A__download.osgeo.org_&d=CwMFAw&c=izlc9mHr637UR4lpLEZLFFS3Vn2UXBrZ4tFb6oOnmz8&r=bOmYm8mDloNHRaNOagZndBLZ6OwF6F2NupJ6wlVy5-M&m=r95AhJ879wey4X-NSVOetI_NOoAcLR-nB9t05-cTR1Y&s=GjOltiidkR9yIpNd2rzCHXzjhWXJy-tp4ZLFqEyyDE0&e=>)

HTTP works fine, but not HTTPS. HTTPS appears to run into an SSL protocol error.

https://www.geotools.org/<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.geotools.org_&d=CwMFAw&c=izlc9mHr637UR4lpLEZLFFS3Vn2UXBrZ4tFb6oOnmz8&r=bOmYm8mDloNHRaNOagZndBLZ6OwF6F2NupJ6wlVy5-M&m=r95AhJ879wey4X-NSVOetI_NOoAcLR-nB9t05-cTR1Y&s=UFMNDfX-zig19lZvs3BXbYtIIT8Gph2snsPYg2LSGv4&e=> serves a cert with *.osgeo.org as the common name. This cert would work for download.osgeo.org, so it looks like all the pieces are in place to enable https.

Is there a chance someone could fix SSL for download.osgeo.org?

Thanks!

I also noticed the following:
1. geotools.org does not appear in the Common Name or the Subject Alternate Name for the cert referenced above, thus this cert cannot be used to verify the identity of www.geotools.org<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.geotools.org&d=CwMFAw&c=izlc9mHr637UR4lpLEZLFFS3Vn2UXBrZ4tFb6oOnmz8&r=bOmYm8mDloNHRaNOagZndBLZ6OwF6F2NupJ6wlVy5-M&m=r95AhJ879wey4X-NSVOetI_NOoAcLR-nB9t05-cTR1Y&s=nNUqDgJRlZnd4q1Mc_tpJV-jMOqe_-ByKDMm4rxYhcQ&e=>
2. The cert referenced above expires Sunday, May 1, 2016, which is in less than a month


Alex
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/sac/attachments/20160406/11ac10b3/attachment.html>

More information about the Sac mailing list