[SAC] SSL Certificate Followup - Urgent

Alex Mandel tech_dev at wildintellect.com
Sun May 1 08:13:40 PDT 2016


Planet, like many other sites, never had an https configuration. I have
added one now; however, this site has the mixed content error, where some
parts are not delivered over https.

This is often because js, css or image file locations are hard coded
with http:// instead of being dynamic. Someone more familiar with the
planet software should look into that.

Thanks,
Alex

On 05/01/2016 04:28 AM, Jorge Sanz wrote:
> Hi Alex,
> 
> https://planet.osgeo.org is showing the journal site, can you fix it,
> please?
> 
> Thanks!
> --
> Jorge Sanz
> 
> Sent from my phone, excuse my brevity.
> On 1/5/2016 3:00, "Alex Mandel" <tech_dev at wildintellect.com> wrote:
> 
>> webextra (journal and live) done.
>> osgeo6 (grass, grasswiki, and lists) done.
>>
>> no sites on adhoc or downloads have ssl currently.
>>
>> Biggest thing I noticed, we still have some sites that don't redirect
>> logins to always use https. Also some sites have mixed content, fdo and
>> journal, we should find a fix for that.
>>
>> Let me know if I missed any sites.
>>
>> Thanks,
>> Alex
>>
>> On 2016-04-30 17:42, Alex Mandel wrote:
>>> web (www and fdo) done
>>>
>>> On 2016-04-30 17:26, Alex Mandel wrote:
>>>> wiki done.
>>>>
>>>> On 2016-04-30 17:17, Alex Mandel wrote:
>>>>> trac,git and subversion (tracsvn) done.
>>>>>
>>>>> I could use some help rolling this out, as some timezones are already
>>>>> hitting the expiration date.
>>>>>
>>>>> Find me on IRC if you can help.
>>>>>
>>>>> Thanks,
>>>>> Alex
>>>>>
>>>>>
>>>>> On 2016-04-29 20:37, Alex Mandel wrote:
>>>>>> On 2016-04-29 10:31, Alex M wrote:
>>>>>>> Ok, I've got the new cert and have tested it on
>>>>>>> https://live.osgeo.org/en/index.html
>>>>>>>
>>>>>>> The only concern that came up is the new certificate is a Domain
>>>>>>> Validation cert, as opposed to an Organizational Validation (OV) cert.
>>>>>>>
>>>>>>> The difference, from what I can see, is that if you view the certificate
>>>>>>> information, the organization line is not filled in.
>>>>>>>
>>>>>>> Comodo has offered us a renewal package, for 5 years at ~$1200 (we just
>>>>>>> paid ~$250/yr). So really about the same price per year to continue with
>>>>>>> the OV cert.
>>>>>>>
>>>>>>> Does anyone have an opinion on this? I suppose this is also the
>>>>>>> difference if we move to letsencrypt.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Alex
>>>>>>
>>>>>> Not sure if this is a + or -, Uber uses the cheaper DV for its
>>>>>> website. No one has an opinion on this? I'd say we need to decide by end
>>>>>> of next week, since we can cancel our new purchase, and still renew the
>>>>>> old cert provider. Maybe I'll talk to people at Foss4gNA about it.
>>>>>>
>>>>>> Seems we need to start moving sites tonight to the new cert we have.
>>>>>> Procedure is copy the files from secure to the host with *.osgeo sites.
>>>>>>
>>>>>> Then in apache add/replace in ssl site-available configs, note grep all
>>>>>> the sites-available for 443 to find the SSL configs.
>>>>>>
>>>>>> SSLEngine on
>>>>>> SSLCertificateFile    /etc/ssl/osgeo/STAR_osgeo_org.crt
>>>>>> SSLCertificateKeyFile /etc/ssl/private/star_osgeo_org2016.key
>>>>>> SSLCertificateChainFile /etc/ssl/osgeo/ca-bundle-client.crt
>>>>>>
>>>>>> This needs to happen on:
>>>>>> web (osgeo.org)
>>>>>> osgeo6 ( various projects like grass.osgeo)
>>>>>> tracsvn
>>>>>> webextra (osgeo journal)
>>>>>> wiki
>>>>>> download
>>>>>> adhoc?
>>>>>>
>>>>>>
>>>>>> Any volunteers? Needs to happen before May 1st.
>>>>>>
>>>>>> Thanks,
>>>>>> Alex
>>
> 
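
The hard-coded http:// references described in the top message can be located with a scan like the one below. It is an added example, not part of the original thread or of the Planet software; the sample page and all example.org URLs are constructed.

```python
from html.parser import HTMLParser

# Tag -> attribute that makes the browser fetch a subresource.
# <a href> is navigation, not a subresource, so it is never mixed content.
ACTIVE = {"script": "src", "iframe": "src", "link": "href"}  # browsers block these
PASSIVE = {"img": "src", "audio": "src", "video": "src", "source": "src"}  # typically warned

class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, kind, tag, url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for kind, table in (("active", ACTIVE), ("passive", PASSIVE)):
            attr = table.get(tag)
            if attr is None:
                continue
            # Simplification: only <link rel="stylesheet"> is treated as a fetch;
            # rel="alternate" feed links are not loaded with the page.
            if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
                continue
            url = (attrs.get(attr) or "").strip()
            # Relative and protocol-relative (//host/...) URLs inherit https.
            if url.lower().startswith("http://"):
                self.findings.append((self.getpos()[0], kind, tag, url))

def scan(html):
    """Return hard-coded http:// subresources found in an HTML document."""
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page, served over https in this scenario.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://planet.example.org/css/planet.css">
<link rel="alternate" href="http://planet.example.org/atom.xml">
<script src="//cdn.example.org/jquery.js"></script>
<script src="http://planet.example.org/js/feed.js"></script>
</head><body>
<a href="http://blog.example.org/post">post</a>
<img src="http://blog.example.org/avatar.png">
<img src="/images/logo.png">
</body></html>"""

if __name__ == "__main__":
    for line, kind, tag, url in scan(SAMPLE):
        print(f"line {line}: {kind} mixed content in <{tag}>: {url}")
```
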


