[SAC] SSL Certificate Followup

Alex M tech_dev at wildintellect.com
Mon May 2 11:47:12 PDT 2016 

Correct, I think that's an apache protocol configuration issue.

Thanks for reporting.
Alex

On 05/02/2016 12:10 PM, Ari Jolma wrote:
> Probably not a certificate issue but Chrome in my Android tablet reports
> that the site (trac.osgeo.org) "uses an outdated encryption TLS 1.0".
> 
> Ari
> 
> 02.05.2016, 19:04, Harrison Grundy kirjoitti:
>> Following the thread, it seems like DV solves the immediate problem.
>>
>> Given the limited time and energy available to SAC, and the
>> possibility of migrating to something like LetsEncrypt later, I'd be
>> inclined to leave it at that, rather than burn those resources
>> refunding and reworking the certificate.
>>
>> --- Harrison
>>
>>
>>
>>
>>
>> On May 2, 2016 11:47:28 PM GMT+08:00, Alex M
>> <tech_dev at wildintellect.com> wrote:
>>
>>     On 05/02/2016 11:16 AM, Sandro Santilli wrote:
>>
>>         On Mon, May 02, 2016 at 09:57:48AM -0400, Alex M wrote:
>>
>>             On 05/02/2016 09:51 AM, Sandro Santilli wrote:
>>
>>                 On Mon, May 02, 2016 at 09:33:34AM -0400, Alex M wrote:
>>
>>                     Note to those suggesting letsencrypt, that too
>>                     would only be a DV cert.
>>                 Am I reading it correctly that https://wikipedia.org
>>                 and https://fsf.org are also using a DV cert ? My
>>                 browser reports (upon asking for more information):
>>                 "This website does not supply ownership information."
>>             It's not the Ownership info, it's the Organization (O)
>>             line, right after the common name. That's the only
>>             difference I've found.
>>         My current browser (Iceweasel 38.7.0) doesn't show an
>>         Organization line for the SSL certificate. The only difference
>>         I see between the (say) paypal or wikipedia account is the
>>         "ownership information".
>>
>>             I'll also note, it's harder to hijack the account, since
>>             even when logging in you basically can't do anything on
>>             Comodo (our old cert) and I've been going back and forth
>>             with t hem about updating the contact email address, which
>>             requires emailing from the current account to a specific
>>             address on their side requesting the change. Since we
>>             don't do an $ transactions, I can't really say if it's
>>             worth it or not.
>>         I guess it depends on priorities and funds availability. I'd
>>         like to see the disk space fixed, for example, and newer
>>         machines to host newer services.
>>
>>     This decision in no way impacts our ability to buy a new machine
>> (next
>>     year, we just bought one last year). As for disk space, we
>> actually have
>>     the space, just a technical thing that we need to allocate more where
>>     it's needed.
>>
>>     We're also talking about ~$500 difference, but 2 additional years.
>>     It would however incur a time cost, of dealing with the refund,
>>     purchase, and installation of another cert.
>>
>>     Thanks,
>>     Alex
>>    
>> ------------------------------------------------------------------------
>>
>>     Sac mailing list
>>     Sac at lists.osgeo.org
>>     http://lists.osgeo.org/mailman/listinfo/sac
>>
>> -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
>>
>> _______________________________________________
>> Sac mailing list
>> Sac at lists.osgeo.org
>> http://lists.osgeo.org/mailman/listinfo/sac
> 
> 
> 
> _______________________________________________
> Sac mailing list
> Sac at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/sac
>

More information about the Sac mailing list