[SAC] [OSGeo] #1633: Update OSGeo SSL certificate - if needed

Alex Mandel tech_dev at wildintellect.com
Tue Apr 26 22:30:07 PDT 2016 

No suggestions. We need a new top domain and wildcard cert in place end
of this week to avoid service interruption. While letsencrypt sounds
great I'm not ready to jump in without running it for a while on test
domains (volunteers welcome). Mostly I'm worried about the overhead of
dealing with renewals (automated or not), every 2 months we'd need to
make sure it goes smooth.

A brief review, our current provider
https://www.instantssl.com/compare-ssl-certificates.html want $405/yr

Looking at some reviews
https://www.ssl.com/buy-ssl-wildcard-certificate/ can give us the same
for ~$250/yr

I'm recommending 2-3 year cert this time (last time was a 5 yr). The
gives us some time to think and test, and things will probably change
even more in that time.

Please chime in, as we need to get this process started today. Alternate
suggested vendors are welcome.

Thanks,
Alex

On 04/20/2016 12:48 PM, Alex M wrote:
> This deadline is looming.
> 
> My recommendation, we take the weekend to shop around and buy a new cert
> for a better price for 3-5 years. Please everyone take 5 minutes to look
> for an option and reply to the thread with url and prices.
> Last time it was $1500 if I recall, I think we can at least get it down
> to $1000 just by using a different vendor.
> 
> If I understand correctly we have 2 certs (can someone verify)?
> osgeo.org
> *.osgeo.org
> 
> Long term we should start using letsencrypt on various other domains we
> host. Foss4g.org would be a good place to start.
> 
> We need to make the purchase roughly on Monday to have to time to get it
> verified, created and deployed next week.
> 
> Any opinions?
> 
> Thanks,
> Alex
> 
> 
> On 04/06/2016 08:59 AM, OSGeo wrote:
>> #1633: Update OSGeo SSL certificate - if needed
>> ---------------------------------+--------------------
>>  Reporter:  msmitherdc           |       Owner:  sac@…
>>      Type:  task                 |      Status:  new
>>  Priority:  normal               |   Milestone:
>> Component:  Systems Admin        |  Resolution:
>>  Keywords:  ssl web certificate  |
>> ---------------------------------+--------------------
>>
>> Comment (by wildintellect):
>>
>>  Will the letsencrypt cert work for our LDAP configuration?
>>  https://wiki.osgeo.org/wiki/SAC:SSLCert
>>  Do we have any other services outside of http/https that rely on a higher
>>  standard cert (svn, mail, git?).
>>
>>  I am +1 for adding letsencrypt as a service to all webites hosted on osgeo
>>  that are not *.osgeo.org domains. We would need a good cron job/process
>>  for staying up an the renewals.
>>
>>  Can someone shop around for types of certs and prices that meet our need?
>>
>> --
>> Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1633#comment:2>
>> OSGeo <http://www.osgeo.org/>
>> OSGeo committee and general foundation issue tracker.
>> _______________________________________________
>> Sac mailing list
>> Sac at lists.osgeo.org
>> http://lists.osgeo.org/mailman/listinfo/sac
>>
> 
> _______________________________________________
> Sac mailing list
> Sac at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/sac
>

More information about the Sac mailing list