[Board] [SAC] SSL Certificate Policy

Alex M tech_dev at wildintellect.com
Fri May 6 09:55:10 PDT 2016

For me it was a philosophy question. Does the board care, or the
community care if we don't have a Org Validated certificate? So far most
of SAC has very little opinion on the topic. Martin prefers OV, because
thats the tradition with Orgs.


On 05/06/2016 12:50 PM, Jody Garnett wrote:
> I do not think the board needs a position, we are happy to be guided by the
> system admin committee in this (and many matters) :D
> I would tend to error on the side of less volunteer time as a rule, but it
> is really up to SAC.
> --
> Jody Garnett
> On 6 May 2016 at 11:06, Alex M <tech_dev at wildintellect.com> wrote:
>> OSGeo Board,
>> We recently renewed the SSL certificate for the *.osgeo.org domains. In
>> doing so there's an unresolved policy question I'd like to get answered.
>> Our old certificate was Org Validated (OV). All that means is that the
>> certificate authority does a little extra checking on the org, it's
>> slightly more expensive (~$150+/yr), and that it's harder to change
>> anything in our account related to the certificate. The outward facing
>> result is that if you read the certificate details the Organization(O)
>> line is filled out.
>> The new certificate (because we were on a time crunch) is a Domain
>> Validated (DV). It's a little cheaper, and way easier to login and work
>> with. It's also similar enough to Mozilla's new letsencrypt project that
>> we might be able to switch to that later on.
>> From a money perspective, I don't think the difference between $250 vs
>> $400 a year is big difference. From a technical perspective both work,
>> equally well. Other orgs seems to mostly use OV certificates. But I've
>> found very few people who seem to care, and you can't really tell unless
>> you open the certificate details.
>> The only thing that would happen now if we change back to OV, is that it
>> will take more volunteer hours to get the new one, cancel the current
>> one (100% refund is not an issue in the 1st 30 days).
>> Does the board have a position on if they want to use an OV or are
>> people content with the DV certificates?
>> Thanks,
>> Alex
>> Sys Admin Committee

More information about the Board mailing list