[SAC] SSL Certificate Followup - Urgent

Jorge Sanz jsanz at osgeo.org
Sun May 1 04:28:55 PDT 2016 

Hi Alex,

https://planet.osgeo.org is showing the journal site, can you fix it,
please?

Thanks!
--
Jorge Sanz

Sent from my phone, excuse my brevity.
El 1/5/2016 3:00, "Alex Mandel" <tech_dev at wildintellect.com> escribió:

> webextra(journal and live) done.
> osgeo6( grass, grasswiki, and lists) done.
>
> no sites on adhoc or downloads have ssl currently.
>
> Biggest thing I noticed, we still have some sites that don't redirect
> logins to always use https. Also some sites have mixed content, fdo and
> journal, we should find a fix for that.
>
> Let me know if I missed any sites.
>
> Thanks,
> Alex
>
> On 2016-04-30 17:42, Alex Mandel wrote:
> > web (www and fdo) done
> >
> > On 2016-04-30 17:26, Alex Mandel wrote:
> >> wiki done.
> >>
> >> On 2016-04-30 17:17, Alex Mandel wrote:
> >>> trac,git and subversion (tracsvn) done.
> >>>
> >>> I could use some help rolling this out, as some timezones are already
> >>> hitting the expiration date.
> >>>
> >>> Find me on IRC if you can help.
> >>>
> >>> Thanks,
> >>> Alex
> >>>
> >>>
> >>> On 2016-04-29 20:37, Alex Mandel wrote:
> >>>> On 2016-04-29 10:31, Alex M wrote:
> >>>>> Ok, I've got the new cert and have tested it on
> >>>>> https://live.osgeo.org/en/index.html
> >>>>>
> >>>>> The only concern that came up, is the new certificate is a Domain
> >>>>> Validation cert, as opposed to an Organizational Validation (OV)
> cert.
> >>>>>
> >>>>> The difference, from what I can see is that if you view the
> certificate
> >>>>> information, the organization line is not filled in.
> >>>>>
> >>>>> Comodo has offered us a renewal package, for 5 years at ~$1200 (we
> just
> >>>>> paid ~$250/yr). So really about the same price per year to continue
> with
> >>>>> the OV cert.
> >>>>>
> >>>>> Does anyone have an opinion on this? I suppose this is also the
> >>>>> difference if we move to letsencrypt.
> >>>>>
> >>>>> Thanks,
> >>>>> Alex
> >>>>
> >>>> Not sure if this is a + or - , Uber uses the cheaper DV for it's
> >>>> website. No one has an opinion on this? I'd say we need to decide by
> end
> >>>> of next week, since we can cancel our new purchase, and still renew
> the
> >>>> old cert provider. Maybe I'll talk to people at Foss4gNA about it.
> >>>>
> >>>> Seems we need to start moving sites tonight to the new cert we have.
> >>>> Procedure is copy the files from secure to the host with *.osgeo
> sites.
> >>>>
> >>>> Then in apache add/replace in ssl site-available configs, note grep
> all
> >>>> the sites-available for 443 to find the SSL configs.
> >>>>
> >>>> SSLEngine on
> >>>> SSLCertificateFile    /etc/ssl/osgeo/STAR_osgeo_org.crt
> >>>> SSLCertificateKeyFile /etc/ssl/private/star_osgeo_org2016.key
> >>>> SSLCertificateChainFile /etc/ssl/osgeo/ca-bundle-client.crt
> >>>>
> >>>> This needs to happen on:
> >>>> web (osgeo.org)
> >>>> osgeo6 ( various projects like grass.osgeo)
> >>>> tracsvn
> >>>> webextra (osgeo journal)
> >>>> wiki
> >>>> download
> >>>> adhoc?
> >>>>
> >>>>
> >>>> Any volunteers? Needs to happen before May 1st.
> >>>>
> >>>> Thanks,
> >>>> Alex
>
> _______________________________________________
> Sac mailing list
> Sac at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/sac
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/sac/attachments/20160501/ae52335c/attachment-0001.html>

More information about the Sac mailing list