Subject: Re: [boost] svn.boost.org SSL cert errro
From: Niall Douglas (s_sourceforge_at_[hidden])
Date: 2015-04-07 19:07:16
On 7 Apr 2015 at 15:40, Michael Caisse wrote:
> >> We are working on getting a new certificate, and setting up a procedure to
> >> avoid the expired certificate problem in the future. It is taking a bit of
> >> time, however.
> > In case people aren't aware, to renew the kind of cert which expired
> > you need to prove your identity which includes a proof of address
> > which usually means a snail mail card in the post with a verification
> > code plus lots of mailing identity documents to people. This is why
> I have no idea what you are talking about. There are a lot of reasons
> that certs can take some time to renew, snail mail isn't one of them.
> We renew about 2-3 certs a month ranging from standard vanilla to
> wild-card and crazy merchant certs. In January we dealt with 2 certs
> that had expired. Snail mail has never been a requirement.
> Can you please expound?
In the case of the SSL cert for *.nedprod.com, the issuer needed to
prove my address and sent a code on a card to my physical address.
That took two weeks, seeing as the card comes from Israel (it
actually takes eight weeks in total to renew SSL certs for me, but
that is for other reasons).
I entirely accept that if your issuer lived in the same city in the
US as you do, address verification would be rather quicker. They
could also accept other evidence only possible to a US issuer
verifying a US org. What I was trying to do was explain why getting
new SSL certs isn't always as easy as a few clicks on a web page, if
I was wrong then I'm sure we'd all love to hear why svn.boost.org's
cert is taking so long.
-- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk