[SAC] SSL Certificate Followup - Urgent

Harrison Grundy harrison.grundy at astrodoggroup.com
Sun May 1 08:36:21 PDT 2016 

Perhaps it's worth turning https on for all sites, then cleaning up these kinds of things? 

On May 1, 2016 11:13:40 PM GMT+08:00, Alex Mandel <tech_dev at wildintellect.com> wrote:
>Planet like many other sites, never had an https configuration. I have
>added one now, however this site has the mixed content error, where
>some
>parts are not delivered over https.
>
>This is often because js, css or image file locations are hard coded
>with http:// instead of being dynamic. Someone more familiar with the
>planet software, should look into that.
>
>Thanks,
>Alex
>
>On 05/01/2016 04:28 AM, Jorge Sanz wrote:
>> Hi Alex,
>> 
>> https://planet.osgeo.org is showing the journal site, can you fix it,
>> please?
>> 
>> Thanks!
>> --
>> Jorge Sanz
>> 
>> Sent from my phone, excuse my brevity.
>> El 1/5/2016 3:00, "Alex Mandel" <tech_dev at wildintellect.com>
>escribió:
>> 
>>> webextra(journal and live) done.
>>> osgeo6( grass, grasswiki, and lists) done.
>>>
>>> no sites on adhoc or downloads have ssl currently.
>>>
>>> Biggest thing I noticed, we still have some sites that don't
>redirect
>>> logins to always use https. Also some sites have mixed content, fdo
>and
>>> journal, we should find a fix for that.
>>>
>>> Let me know if I missed any sites.
>>>
>>> Thanks,
>>> Alex
>>>
>>> On 2016-04-30 17:42, Alex Mandel wrote:
>>>> web (www and fdo) done
>>>>
>>>> On 2016-04-30 17:26, Alex Mandel wrote:
>>>>> wiki done.
>>>>>
>>>>> On 2016-04-30 17:17, Alex Mandel wrote:
>>>>>> trac,git and subversion (tracsvn) done.
>>>>>>
>>>>>> I could use some help rolling this out, as some timezones are
>already
>>>>>> hitting the expiration date.
>>>>>>
>>>>>> Find me on IRC if you can help.
>>>>>>
>>>>>> Thanks,
>>>>>> Alex
>>>>>>
>>>>>>
>>>>>> On 2016-04-29 20:37, Alex Mandel wrote:
>>>>>>> On 2016-04-29 10:31, Alex M wrote:
>>>>>>>> Ok, I've got the new cert and have tested it on
>>>>>>>> https://live.osgeo.org/en/index.html
>>>>>>>>
>>>>>>>> The only concern that came up, is the new certificate is a
>Domain
>>>>>>>> Validation cert, as opposed to an Organizational Validation
>(OV)
>>> cert.
>>>>>>>>
>>>>>>>> The difference, from what I can see is that if you view the
>>> certificate
>>>>>>>> information, the organization line is not filled in.
>>>>>>>>
>>>>>>>> Comodo has offered us a renewal package, for 5 years at ~$1200
>(we
>>> just
>>>>>>>> paid ~$250/yr). So really about the same price per year to
>continue
>>> with
>>>>>>>> the OV cert.
>>>>>>>>
>>>>>>>> Does anyone have an opinion on this? I suppose this is also the
>>>>>>>> difference if we move to letsencrypt.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Alex
>>>>>>>
>>>>>>> Not sure if this is a + or - , Uber uses the cheaper DV for it's
>>>>>>> website. No one has an opinion on this? I'd say we need to
>decide by
>>> end
>>>>>>> of next week, since we can cancel our new purchase, and still
>renew
>>> the
>>>>>>> old cert provider. Maybe I'll talk to people at Foss4gNA about
>it.
>>>>>>>
>>>>>>> Seems we need to start moving sites tonight to the new cert we
>have.
>>>>>>> Procedure is copy the files from secure to the host with *.osgeo
>>> sites.
>>>>>>>
>>>>>>> Then in apache add/replace in ssl site-available configs, note
>grep
>>> all
>>>>>>> the sites-available for 443 to find the SSL configs.
>>>>>>>
>>>>>>> SSLEngine on
>>>>>>> SSLCertificateFile    /etc/ssl/osgeo/STAR_osgeo_org.crt
>>>>>>> SSLCertificateKeyFile /etc/ssl/private/star_osgeo_org2016.key
>>>>>>> SSLCertificateChainFile /etc/ssl/osgeo/ca-bundle-client.crt
>>>>>>>
>>>>>>> This needs to happen on:
>>>>>>> web (osgeo.org)
>>>>>>> osgeo6 ( various projects like grass.osgeo)
>>>>>>> tracsvn
>>>>>>> webextra (osgeo journal)
>>>>>>> wiki
>>>>>>> download
>>>>>>> adhoc?
>>>>>>>
>>>>>>>
>>>>>>> Any volunteers? Needs to happen before May 1st.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Alex
>>>
>>> _______________________________________________
>>> Sac mailing list
>>> Sac at lists.osgeo.org
>>> http://lists.osgeo.org/mailman/listinfo/sac
>> 
>
>_______________________________________________
>Sac mailing list
>Sac at lists.osgeo.org
>http://lists.osgeo.org/mailman/listinfo/sac

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/sac/attachments/20160501/b28256a8/attachment.html>

More information about the Sac mailing list