maemo.org - Talk


BentL 2017-08-01 09:24

talk.maemo.org certificate expired!
 
My browser says that the certificate for talk.maemo.org has expired today.

azkay 2017-08-01 11:06

Re: talk.maemo.org certificate expired!
 
Yeah, happened to me too. Thought it was just Firefox being stupid. Everything was fine, refreshed the page 10 minutes later and it was complaining.

pichlo 2017-08-01 11:09

Re: talk.maemo.org certificate expired!
 
Quote:

Originally Posted by azkay (Post 1531773)
Everything was fine, refreshed the page 10 minutes later and it was complaining.

That's because it expired at 09:08:12 GMT. Your 10 minutes must have spanned that point.

azkay 2017-08-01 11:46

Re: talk.maemo.org certificate expired!
 
Quote:

Originally Posted by pichlo (Post 1531774)
That's because it expired at 09:08:12 GMT. Your 10 minutes must have spanned that point.

I know that much, I read the error message :)
But stranger browser errors have happened (and computer time changes, etc)

Macros 2017-08-03 11:11

Re: talk.maemo.org certificate expired!
 
Maybe the certificate can be switched to a letsencrypt one?
They provide tools for automatic renewal, which work flawlessly for me, and it's free of charge.

mosen 2017-08-03 12:24

Re: talk.maemo.org certificate expired!
 
We discussed briefly in last maemo meeting.
I am a big fan of letsencrypt also mostly for the auto-renewal scripts.

But it is highly likely that renewal of the startcom cert is much less work for tech-staff than to change the running system?

Although recent developments suggest to move away from Startcom as Google and Mozilla decided to distrust them(?):

https://en.wikipedia.org/wiki/StartCom
Quote:

In August 2016 it was reported that StartCom was sold to WoSign, a Chinese CA.[14][27][28] The original disclosure was taken down for legal reasons.[29] However, repostings of the original articles are still available.[27] The relationship is unclear, but it seems as if the StartCom technical infrastructure was being used by WoSign when they were caught issuing about a hundred[30] improperly validated SSL certificates, including a certificate for github.com.[14][31]

An investigation by Google and Mozilla found that WoSign knowingly and intentionally mis-issued certificates in order to circumvent browser restrictions and CA requirements. As a result, Google joined Mozilla and Apple and will distrust WoSign and StartCom certificates beginning in 2017. [32] On July 17, 2017, an announcement was made about the restructuring of the company. It was announced that Startcom is now 100% managed by Qihoo360, no Startcom employees are working on Wosign premises, audits have been made by external pen testers, and a new CMS system was developed.

nieldk 2017-08-03 13:04

Re: talk.maemo.org certificate expired!
 
Quote:

Originally Posted by mosen (Post 1531968)
We discussed briefly in last maemo meeting.
I am a big fan of letsencrypt also mostly for the auto-renewal scripts.

But it is highly likely that renewal of the startcom cert is much less work for tech-staff than to change the running system?

Although recent developments suggest to move away from Startcom as Google and Mozilla decided to distrust them(?):

https://en.wikipedia.org/wiki/StartCom

It’s trivial to get and install or even renew a letsencrypt cert.
I did for my J1 web/mail/vpn server using the readily available python scripts.
Took me less than 15 min to have A+++ rating on my J1.

If I can do it that fast, our tech guys could do it in less than a leap second.

Feathers McGraw 2017-08-03 13:08

Re: talk.maemo.org certificate expired!
 
What's the most important factor in the decision? Price? You can get commercial certs for about £5/yr quite easily:

https://www.ssls.com/ssl-certificate...do-positivessl

Depends how much info you need them to validate in the cert though

reinob 2017-08-09 12:23

Re: talk.maemo.org certificate expired!
 
Quote:

Originally Posted by Feathers McGraw (Post 1531976)
What's the most important factor in the decision?

I guess it's "never touch a running system". Only that the certificate expired (so it's not running anymore), and that there are reasons to move away from StartCom.

Maybe the new council can request moving to Letsencrypt. We have few (sub-)domains so it's no problem. Next year Letsencrypt will even offer wildcard certificates (*.maemo.org), which should make everything even easier to manage.

(I'm a happy user of Letsencrypt as well :)

juiceme 2017-08-09 14:02

Re: talk.maemo.org certificate expired!
 
I think we should get a commercial certificate. We have the funds if costs indeed are in the range of tens of euros per year and not kiloeuros as I previously thought.

The problem is what to use and how... I have only ever generated and used self-signed certs so I have no idea how to go at it... :D

So any and all help is appreciated!


All times are GMT.