<html><head></head><body>Perhaps it's worth turning https on for all sites, then cleaning up these kinds of things? <br><br><div class="gmail_quote">On May 1, 2016 11:13:40 PM GMT+08:00, Alex Mandel <tech_dev@wildintellect.com> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail">Planet like many other sites, never had an https configuration. I have<br />added one now, however this site has the mixed content error, where some<br />parts are not delivered over https.<br /><br />This is often because js, css or image file locations are hard coded<br />with http:// instead of being dynamic. Someone more familiar with the<br />planet software, should look into that.<br /><br />Thanks,<br />Alex<br /><br />On 05/01/2016 04:28 AM, Jorge Sanz wrote:<br /><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"> Hi Alex,<br /> <br /> <a href="https://planet.osgeo.org">https://planet.osgeo.org</a> is showing the journal site, can you fix it,<br /> please?<br /> <br /> Thanks!<br /> --<br /> Jorge Sanz<br /> <br /> Sent from my phone, excuse my brevity.<br /> El 1/5/2016 3:00, "Alex Mandel" <tech_dev@wildintellect.com> escribió:<br /> <br /><blockquote class="gmail_quote"
style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ad7fa8; padding-left: 1ex;"> webextra(journal and live) done.<br /> osgeo6( grass, grasswiki, and lists) done.<br /><br /> no sites on adhoc or downloads have ssl currently.<br /><br /> Biggest thing I noticed, we still have some sites that don't redirect<br /> logins to always use https. Also some sites have mixed content, fdo and<br /> journal, we should find a fix for that.<br /><br /> Let me know if I missed any sites.<br /><br /> Thanks,<br /> Alex<br /><br /> On 2016-04-30 17:42, Alex Mandel wrote:<br /><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #8ae234; padding-left: 1ex;"> web (www and fdo) done<br /><br /> On 2016-04-30 17:26, Alex Mandel wrote:<br /><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #fcaf3e; padding-left: 1ex;"> wiki done.<br /><br /> On 2016-04-30 17:17, Alex Mandel wrote:<br /><blockquote class="gmail_quote"
style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #e9b96e; padding-left: 1ex;"> trac,git and subversion (tracsvn) done.<br /><br /> I could use some help rolling this out, as some timezones are already<br /> hitting the expiration date.<br /><br /> Find me on IRC if you can help.<br /><br /> Thanks,<br /> Alex<br /><br /><br /> On 2016-04-29 20:37, Alex Mandel wrote:<br /><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ccc; padding-left: 1ex;"> On 2016-04-29 10:31, Alex M wrote:<br /><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ccc; padding-left: 1ex;"> Ok, I've got the new cert and have tested it on<br /> <a href="https://live.osgeo.org/en/index.html">https://live.osgeo.org/en/index.html</a><br /><br /> The only concern that came up, is the new certificate is a Domain<br /> Validation cert, as opposed to an Organizational Validation (OV)<br
/></blockquote></blockquote></blockquote></blockquote></blockquote> cert.<br /><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #8ae234; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #fcaf3e; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #e9b96e; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ccc; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ccc; padding-left: 1ex;"><br /> The difference, from what I can see is that if you view the<br /></blockquote></blockquote></blockquote></blockquote></blockquote> certificate<br /><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #8ae234; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt
1ex
0.8ex; border-left: 1px solid #fcaf3e; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #e9b96e; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ccc; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ccc; padding-left: 1ex;"> information, the organization line is not filled in.<br /><br /> Comodo has offered us a renewal package, for 5 years at ~$1200 (we<br /></blockquote></blockquote></blockquote></blockquote></blockquote> just<br /><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #8ae234; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #fcaf3e; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #e9b96e; padding-left: 1ex;"><blockquote
class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ccc; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ccc; padding-left: 1ex;"> paid ~$250/yr). So really about the same price per year to continue<br /></blockquote></blockquote></blockquote></blockquote></blockquote> with<br /><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #8ae234; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #fcaf3e; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #e9b96e; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ccc; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ccc; padding-left: 1ex;"> the OV cert.<br /><br /> Does anyone
have an
opinion on this? I suppose this is also the<br /> difference if we move to letsencrypt.<br /><br /> Thanks,<br /> Alex<br /></blockquote><br /> Not sure if this is a + or - , Uber uses the cheaper DV for it's<br /> website. No one has an opinion on this? I'd say we need to decide by<br /></blockquote></blockquote></blockquote></blockquote> end<br /><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #8ae234; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #fcaf3e; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #e9b96e; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ccc; padding-left: 1ex;"> of next week, since we can cancel our new purchase, and still renew<br /></blockquote></blockquote></blockquote></blockquote> the<br /><blockquote class="gmail_quote"
style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #8ae234; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #fcaf3e; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #e9b96e; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ccc; padding-left: 1ex;"> old cert provider. Maybe I'll talk to people at Foss4gNA about it.<br /><br /> Seems we need to start moving sites tonight to the new cert we have.<br /> Procedure is copy the files from secure to the host with *.osgeo<br /></blockquote></blockquote></blockquote></blockquote> sites.<br /><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #8ae234; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #fcaf3e; padding-left: 1ex;"><blockquote class="gmail_qu
ote"
style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #e9b96e; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ccc; padding-left: 1ex;"><br /> Then in apache add/replace in ssl site-available configs, note grep<br /></blockquote></blockquote></blockquote></blockquote> all<br /><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #8ae234; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #fcaf3e; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #e9b96e; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ccc; padding-left: 1ex;"> the sites-available for 443 to find the SSL configs.<br /><br /> SSLEngine on<br /> SSLCertificateFile /etc/ssl/osgeo/STAR_osgeo_org.crt<br /> SSLCertificateKeyFile
/etc/ssl/private/star_osgeo_org2016.key<br /> SSLCertificateChainFile /etc/ssl/osgeo/ca-bundle-client.crt<br /><br /> This needs to happen on:<br /> web (<a href="http://osgeo.org">osgeo.org</a>)<br /> osgeo6 ( various projects like grass.osgeo)<br /> tracsvn<br /> webextra (osgeo journal)<br /> wiki<br /> download<br /> adhoc?<br /><br /><br /> Any volunteers? Needs to happen before May 1st.<br /><br /> Thanks,<br /> Alex<br /></blockquote></blockquote></blockquote></blockquote><br /><hr /><br /> Sac mailing list<br /> Sac@lists.osgeo.org<br /> <a href="http://lists.osgeo.org/mailman/listinfo/sac">http://lists.osgeo.org/mailman/listinfo/sac</a><br /></blockquote> <br /></blockquote><br /><hr /><br />Sac mailing list<br />Sac@lists.osgeo.org<br /><a href="http://lists.osgeo.org/mailman/listinfo/sac">http://lists.osgeo.org/mailman/listinfo/sac</a></pre></blockquote></div><br>
-- <br>
Sent from my Android device with K-9 Mail. Please excuse my brevity.</body></html>