[SAC] SSL Certificate Followup - Urgent

Alex Mandel tech_dev at wildintellect.com
Sat Apr 30 18:00:35 PDT 2016


webextra (journal and live) done.
osgeo6 (grass, grasswiki, and lists) done.

No sites on adhoc or downloads have ssl currently.

Biggest thing I noticed: we still have some sites that don't redirect
logins to always use https. Also some sites have mixed content (fdo and
journal); we should find a fix for that.

Let me know if I missed any sites.

Thanks,
Alex

On 2016-04-30 17:42, Alex Mandel wrote:
> web (www and fdo) done
> 
> On 2016-04-30 17:26, Alex Mandel wrote:
>> wiki done.
>>
>> On 2016-04-30 17:17, Alex Mandel wrote:
>>> trac, git and subversion (tracsvn) done.
>>>
>>> I could use some help rolling this out, as some timezones are already
>>> hitting the expiration date.
>>>
>>> Find me on IRC if you can help.
>>>
>>> Thanks,
>>> Alex
>>>
>>>
>>> On 2016-04-29 20:37, Alex Mandel wrote:
>>>> On 2016-04-29 10:31, Alex M wrote:
>>>>> Ok, I've got the new cert and have tested it on
>>>>> https://live.osgeo.org/en/index.html
>>>>>
>>>>> The only concern that came up is that the new certificate is a Domain
>>>>> Validation cert, as opposed to an Organizational Validation (OV) cert.
>>>>>
>>>>> The difference, from what I can see, is that if you view the certificate
>>>>> information, the organization line is not filled in.
>>>>>
>>>>> Comodo has offered us a renewal package, for 5 years at ~$1200 (we just
>>>>> paid ~$250/yr). So really about the same price per year to continue with
>>>>> the OV cert.
>>>>>
>>>>> Does anyone have an opinion on this? I suppose this is also the
>>>>> difference if we move to letsencrypt.
>>>>>
>>>>> Thanks,
>>>>> Alex
>>>>
>>>> Not sure if this is a + or -, Uber uses the cheaper DV for its
>>>> website. No one has an opinion on this? I'd say we need to decide by end
>>>> of next week, since we can cancel our new purchase, and still renew the
>>>> old cert provider. Maybe I'll talk to people at Foss4gNA about it.
>>>>
>>>> Seems we need to start moving sites tonight to the new cert we have.
>>>> Procedure is copy the files from secure to the host with *.osgeo sites.
>>>>
>>>> Then in apache add/replace in ssl site-available configs, note grep all
>>>> the sites-available for 443 to find the SSL configs.
>>>>
>>>> SSLEngine on
>>>> SSLCertificateFile    /etc/ssl/osgeo/STAR_osgeo_org.crt
>>>> SSLCertificateKeyFile /etc/ssl/private/star_osgeo_org2016.key
>>>> SSLCertificateChainFile /etc/ssl/osgeo/ca-bundle-client.crt
>>>>
>>>> This needs to happen on:
>>>> web (osgeo.org)
>>>> osgeo6 ( various projects like grass.osgeo)
>>>> tracsvn
>>>> webextra (osgeo journal)
>>>> wiki
>>>> download
>>>> adhoc?
>>>>
>>>>
>>>> Any volunteers? Needs to happen before May 1st.
>>>>
>>>> Thanks,
>>>> Alex
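
The rollout procedure quoted above (grep sites-available for 443, then point the SSL directives at the new certificate) can be checked per host with a short audit; this is an added example, not a script from the original thread or from the OSGeo admins. The sample file names and the `OLD_PLACEHOLDER.crt` path are constructed, and the grep is narrowed to `<VirtualHost ...:443>` lines as an assumption about how the configs are written.

```shell
#!/bin/sh
# Added example: report which Apache SSL vhost files still need the new cert.
# audit_ssl_vhosts DIR CERT
#   For every file in DIR that defines a vhost on port 443, print
#   "OK <file>" if every SSLCertificateFile directive equals CERT, else
#   "STALE <file> <path found, or 'none' if the directive is missing>".
# The ( ... ) function body runs in a subshell so variables stay local.
audit_ssl_vhosts() (
    dir=$1 want=$2
    grep -liE '^[[:space:]]*<VirtualHost[^>]*:443([^0-9]|$)' "$dir"/* 2>/dev/null |
    sort |
    while IFS= read -r f; do
        # Directive names are case-insensitive; commented-out lines start
        # with '#', so their first field never matches.
        found=$(awk -v want="$want" '
            tolower($1) == "sslcertificatefile" { n++; if ($2 != want) bad = $2 }
            END { if (n == 0) print "none"; else if (bad != "") print bad }' "$f")
        if [ -z "$found" ]; then echo "OK $f"; else echo "STALE $f $found"; fi
    done
)

# Constructed sample tree: hypothetical file names and old certificate path.
make_sample_tree() (
    d=$(mktemp -d)
    printf '%s\n' '<VirtualHost *:443>' '  SSLEngine on' \
        '  SSLCertificateFile    /etc/ssl/osgeo/STAR_osgeo_org.crt' \
        '</VirtualHost>' > "$d/wiki-ssl"
    printf '%s\n' '<VirtualHost *:443>' '  SSLEngine on' \
        '  SSLCertificateFile /etc/ssl/osgeo/OLD_PLACEHOLDER.crt' \
        '</VirtualHost>' > "$d/trac-ssl"
    printf '%s\n' '<VirtualHost *:80>' '  ServerName example.invalid' \
        '</VirtualHost>' > "$d/plain-http"
    echo "$d"
)

# Demo run against the constructed tree.
d=$(make_sample_tree)
audit_ssl_vhosts "$d" /etc/ssl/osgeo/STAR_osgeo_org.crt
rm -rf "$d"
```

On a real host the first argument would be the Apache sites-available directory; a vhost on 443 with no `SSLCertificateFile` at all is reported as `STALE ... none`.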


