[SAC] SSL Certificate Followup
Alex Mandel
tech_dev at wildintellect.com
Fri Apr 29 20:37:37 PDT 2016
On 2016-04-29 10:31, Alex M wrote:
> Ok, I've got the new cert and have tested it on
> https://live.osgeo.org/en/index.html
>
> The only concern that came up, is the new certificate is a Domain
> Validation cert, as opposed to an Organizational Validation (OV) cert.
>
> The difference, from what I can see is that if you view the certificate
> information, the organization line is not filled in.
>
> Comodo has offered us a renewal package, for 5 years at ~$1200 (we just
> paid ~$250/yr). So really about the same price per year to continue with
> the OV cert.
>
> Does anyone have an opinion on this? I suppose this is also the
> difference if we move to letsencrypt.
>
> Thanks,
> Alex
Not sure if this is a + or - , Uber uses the cheaper DV for it's
website. No one has an opinion on this? I'd say we need to decide by end
of next week, since we can cancel our new purchase, and still renew the
old cert provider. Maybe I'll talk to people at Foss4gNA about it.
Seems we need to start moving sites tonight to the new cert we have.
Procedure is copy the files from secure to the host with *.osgeo sites.
Then in apache add/replace in ssl site-available configs, note grep all
the sites-available for 443 to find the SSL configs.
SSLEngine on
SSLCertificateFile /etc/ssl/osgeo/STAR_osgeo_org.crt
SSLCertificateKeyFile /etc/ssl/private/star_osgeo_org2016.key
SSLCertificateChainFile /etc/ssl/osgeo/ca-bundle-client.crt
This needs to happen on:
web (osgeo.org)
osgeo6 ( various projects like grass.osgeo)
tracsvn
webextra (osgeo journal)
wiki
download
adhoc?
Any volunteers? Needs to happen before May 1st.
Thanks,
Alex
More information about the Sac
mailing list