|
Boost : |
Subject: Re: [boost] svn.boost.org SSL cert errro
From: Olaf van der Spek (ml_at_[hidden])
Date: 2015-04-08 03:07:37
On Wed, Apr 8, 2015 at 1:07 AM, Niall Douglas <s_sourceforge_at_[hidden]> wrote:
> On 7 Apr 2015 at 15:40, Michael Caisse wrote:
>
>> >> We are working on getting a new certificate, and setting up a procedure to
>> >> avoid the expired certificate problem in the future. It is taking a bit of
>> >> time, however.
>> >
>> > In case people aren't aware, to renew the kind of cert which expired
>> > you need to prove your identity which includes a proof of address
>> > which usually means a snail mail card in the post with a verification
>> > code plus lots of mailing identity documents to people. This is why
>>
>> I have no idea what you are talking about. There are a lot of reasons
>> that certs can take some time to renew, snail mail isn't one of them.
>>
>> We renew about 2-3 certs a month ranging from standard vanilla to
>> wild-card and crazy merchant certs. In January we dealt with 2 certs
>> that had expired. Snail mail has never been a requirement.
>>
>> Can you please expound?
>
> Sure.
>
> In the case of the SSL cert for *.nedprod.com, the issuer needed to
> prove my address and sent a code on a card to my physical address.
> That took two weeks, seeing as the card comes from Israel (it
> actually takes eight weeks in total to renew SSL certs for me, but
> that is for other reasons).
>
> I entirely accept that if your issuer lived in the same city in the
> US as you do, address verification would be rather quicker. They
> could also accept other evidence only possible to a US issuer
> verifying a US org. What I was trying to do was explain why getting
> new SSL certs isn't always as easy as a few clicks on a web page, if
> I was wrong then I'm sure we'd all love to hear why svn.boost.org's
> cert is taking so long.
At startssl.com one can get a basic SSL cert for free..
Certainly no snail mail required.
-- Olaf
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk