[SAC] SSL Certificate Followup - Urgent
Alex Mandel
tech_dev at wildintellect.com
Sat Apr 30 17:26:35 PDT 2016
wiki done.
On 2016-04-30 17:17, Alex Mandel wrote:
> trac,git and subversion (tracsvn) done.
>
> I could use some help rolling this out, as some timezones are already
> hitting the expiration date.
>
> Find me on IRC if you can help.
>
> Thanks,
> Alex
>
>
> On 2016-04-29 20:37, Alex Mandel wrote:
>> On 2016-04-29 10:31, Alex M wrote:
>>> Ok, I've got the new cert and have tested it on
>>> https://live.osgeo.org/en/index.html
>>>
>>> The only concern that came up, is the new certificate is a Domain
>>> Validation cert, as opposed to an Organizational Validation (OV) cert.
>>>
>>> The difference, from what I can see is that if you view the certificate
>>> information, the organization line is not filled in.
>>>
>>> Comodo has offered us a renewal package, for 5 years at ~$1200 (we just
>>> paid ~$250/yr). So really about the same price per year to continue with
>>> the OV cert.
>>>
>>> Does anyone have an opinion on this? I suppose this is also the
>>> difference if we move to letsencrypt.
>>>
>>> Thanks,
>>> Alex
>>
>> Not sure if this is a + or - , Uber uses the cheaper DV for it's
>> website. No one has an opinion on this? I'd say we need to decide by end
>> of next week, since we can cancel our new purchase, and still renew the
>> old cert provider. Maybe I'll talk to people at Foss4gNA about it.
>>
>> Seems we need to start moving sites tonight to the new cert we have.
>> Procedure is copy the files from secure to the host with *.osgeo sites.
>>
>> Then in apache add/replace in ssl site-available configs, note grep all
>> the sites-available for 443 to find the SSL configs.
>>
>> SSLEngine on
>> SSLCertificateFile /etc/ssl/osgeo/STAR_osgeo_org.crt
>> SSLCertificateKeyFile /etc/ssl/private/star_osgeo_org2016.key
>> SSLCertificateChainFile /etc/ssl/osgeo/ca-bundle-client.crt
>>
>> This needs to happen on:
>> web (osgeo.org)
>> osgeo6 ( various projects like grass.osgeo)
>> tracsvn
>> webextra (osgeo journal)
>> wiki
>> download
>> adhoc?
>>
>>
>> Any volunteers? Needs to happen before May 1st.
>>
>> Thanks,
>> Alex
>> _______________________________________________
>> Sac mailing list
>> Sac at lists.osgeo.org
>> http://lists.osgeo.org/mailman/listinfo/sac
>>
>
> _______________________________________________
> Sac mailing list
> Sac at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/sac
>
More information about the Sac
mailing list