[SAC] SSL Certificate Followup

Ari Jolma ari.jolma at gmail.com
Mon May 2 09:10:50 PDT 2016 

Probably not a certificate issue but Chrome in my Android tablet reports 
that the site (trac.osgeo.org) "uses an outdated encryption TLS 1.0".

Ari

02.05.2016, 19:04, Harrison Grundy kirjoitti:
> Following the thread, it seems like DV solves the immediate problem.
>
> Given the limited time and energy available to SAC, and the 
> possibility of migrating to something like LetsEncrypt later, I'd be 
> inclined to leave it at that, rather than burn those resources 
> refunding and reworking the certificate.
>
> --- Harrison
>
>
>
>
>
> On May 2, 2016 11:47:28 PM GMT+08:00, Alex M 
> <tech_dev at wildintellect.com> wrote:
>
>     On 05/02/2016 11:16 AM, Sandro Santilli wrote:
>
>         On Mon, May 02, 2016 at 09:57:48AM -0400, Alex M wrote:
>
>             On 05/02/2016 09:51 AM, Sandro Santilli wrote:
>
>                 On Mon, May 02, 2016 at 09:33:34AM -0400, Alex M wrote:
>
>                     Note to those suggesting letsencrypt, that too
>                     would only be a DV cert. 
>
>                 Am I reading it correctly that https://wikipedia.org
>                 and https://fsf.org are also using a DV cert ? My
>                 browser reports (upon asking for more information):
>                 "This website does not supply ownership information." 
>
>             It's not the Ownership info, it's the Organization (O)
>             line, right after the common name. That's the only
>             difference I've found. 
>
>         My current browser (Iceweasel 38.7.0) doesn't show an
>         Organization line for the SSL certificate. The only difference
>         I see between the (say) paypal or wikipedia account is the
>         "ownership information".
>
>             I'll also note, it's harder to hijack the account, since
>             even when logging in you basically can't do anything on
>             Comodo (our old cert) and I've been going back and forth
>             with t hem about updating the contact email address, which
>             requires emailing from the current account to a specific
>             address on their side requesting the change. Since we
>             don't do an $ transactions, I can't really say if it's
>             worth it or not. 
>
>         I guess it depends on priorities and funds availability. I'd
>         like to see the disk space fixed, for example, and newer
>         machines to host newer services. 
>
>
>     This decision in no way impacts our ability to buy a new machine (next
>     year, we just bought one last year). As for disk space, we actually have
>     the space, just a technical thing that we need to allocate more where
>     it's needed.
>
>     We're also talking about ~$500 difference, but 2 additional years.
>     It would however incur a time cost, of dealing with the refund,
>     purchase, and installation of another cert.
>
>     Thanks,
>     Alex
>     ------------------------------------------------------------------------
>
>     Sac mailing list
>     Sac at lists.osgeo.org
>     http://lists.osgeo.org/mailman/listinfo/sac
>
> -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
> _______________________________________________
> Sac mailing list
> Sac at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/sac
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/sac/attachments/20160502/329ec614/attachment-0001.html>

More information about the Sac mailing list