|
Boost : |
Subject: Re: [boost] [website] SSL certificate
From: David Abrahams (dave_at_[hidden])
Date: 2010-08-16 01:54:37
[Sorry for the long quote, but this all looks like relevant info and
the thread has been dead a while...]
At Mon, 14 Jun 2010 09:55:17 -0700,
admin_at_[hidden] wrote:
>
> I recently switched from Firefox to Chromium, and I've been having issues
> accessing [1]https://svn.boost.org. It seems that the SSL certificate used
> for [2]svn.boost.org is either not properly configured, or not issued by one
> of the major SSL certificate providers (e.g. VeriSign, GoDaddy). Examination
> of the certificate indicates that it's issued by the Computer Science
> Department of Indiana University, and the certificate doesn't have a chain
> that leads back to a well known CA (the chain is just '[3]svn.boost.org =>
> [4]cs.indiana.edu', and most browsers I've tried don't recognize
> [5]cs.indiana.edu as a legitimate CA by default).
>
> If this isn't just a matter of improper configuration (or, for that matter,
> just a matter of my browsers being screwy), I'd be happy to offer my own SSL
> certificate to Boost. The certificate is a standard SSL certificate issued
> by GoDaddy (domain controlled validation, certificate signing algorithm is
> RSA 2048 bits), and it's paid through 02/20/2011.
>
> I'm currently using my cert for my Debian mirror, so I would have to revoke
> the current certificate, and then submit a CSR from [6]boost.org's server.
> Ideally, then I would generate a CSR request, and the boost server would
> sign it; I'd end up with a cert chain of 'mysite => [7]boost.org =>
> GoDaddy'. [8]boost.org and subdomains would have a cert signed directly by
> GoDaddy, so the [9]svn.boost.org cert would be verify by most browsers
> automatically.
>
> If there's any interest in this, please let me know.
>
> - Bryce Lelbach
>
> References
>
> 1. https://svn.boost.org/
> 2. http://svn.boost.org/
> 3. http://svn.boost.org/
> 4. http://cs.indiana.edu/
> 5. http://cs.indiana.edu/
> 6. http://boost.org/
> 7. http://boost.org/
> 8. http://boost.org/
> 9. http://svn.boost.org/
If we still don't have a valid cert, we should cert-ainly (sorry)
consider taking Bryce up on his offer. Bryce, is this a wildcard
cert? If not, how can it work for our subdomains?
-- Dave Abrahams BoostPro Computing http://www.boostpro.com
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk