Active Topics

 


Reply
Thread Tools
Posts: 39 | Thanked: 117 times | Joined on Apr 2010 @ Norway
#1
My browser says that the certificate for talk.maemo.org has expired today.
 

The Following 20 Users Say Thank You to BentL For This Useful Post:
Posts: 395 | Thanked: 509 times | Joined on Jan 2011 @ Brisbane, Australia
#2
Yeah happened to me too. Thought it was just firefox being stupid. Everything was fine, refreshed the page 10 minutes later and it was complaining.
__________________
2016 - N900 todo list
  • Update Smartcam M5 (rewrite, client+server)
  • Simple Skype client (chat)
  • Translink Brisbane script (time to bus/train)
  • Commbank client (check balance)
  • Uber (basic client, request ride, etc)
 

The Following 4 Users Say Thank You to azkay For This Useful Post:
pichlo's Avatar
Posts: 6,445 | Thanked: 20,981 times | Joined on Sep 2012 @ UK
#3
Originally Posted by azkay View Post
Everything was fine, refreshed the page 10 minutes later and it was complaining.
That's because it expired at 09:08:12 GMT. Your 10 minutes must have spanned that point.
__________________
Русский военный корабль, иди нахуй!
 

The Following 5 Users Say Thank You to pichlo For This Useful Post:
Posts: 395 | Thanked: 509 times | Joined on Jan 2011 @ Brisbane, Australia
#4
Originally Posted by pichlo View Post
That's because it expired at 09:08:12 GMT. Your 10 minutes must have spanned that point.
I know that much, I read the error message
But stranger browser errors have happened (and computer time changes, etc)
__________________
2016 - N900 todo list
  • Update Smartcam M5 (rewrite, client+server)
  • Simple Skype client (chat)
  • Translink Brisbane script (time to bus/train)
  • Commbank client (check balance)
  • Uber (basic client, request ride, etc)
 

The Following 5 Users Say Thank You to azkay For This Useful Post:
Posts: 253 | Thanked: 1,007 times | Joined on May 2010 @ Near Munich
#5
Maybe the certificate can be switched to a letsencrypt one?
They provide tools for automatic renewal, which work flawlessly for me, and its free of charge.
 

The Following 9 Users Say Thank You to Macros For This Useful Post:
mosen's Avatar
Community Council | Posts: 1,669 | Thanked: 10,225 times | Joined on Nov 2014 @ Lower Rhine
#6
We discussed briefly in last maemo meeting.
I am a big fan of letsencrypt also mostly for the auto-renewal scripts.

But it is highly likely that renewal of the startcom cert is much less work for tech-staff than to change the running system?

Although recent developments suggest to move away from Startcom as Google and Mozilla decided to distrust them(?):

https://en.wikipedia.org/wiki/StartCom
In August 2016 it was reported that StartCom was sold to WoSign, a Chinese CA.[14][27][28] The original disclosure was taken down for legal reasons.[29] However, repostings of the original articles are still available.[27] The relationship is unclear, but it seems as if the StartCom technical infrastructure was being used by WoSign when they were caught issuing about a hundred[30] improperly validated SSL certificates, including a certificate for github.com.[14][31]

An investigation by Google and Mozilla found that WoSign knowingly and intentionally mis-issued certificates in order to circumvent browser restrictions and CA requirements. As a result, Google joined Mozilla and Apple and will distrust WoSign and StartCom certificates beginning in 2017. [32] On July 17, 2017, an announcement was made about the restructuring of the company. It was announced that Startcom is now 100% managed by Qihoo360, no Startcom employees are working on Wosign premises, audits have been made by external pen testers, and a new CMS system was developed.
 

The Following 6 Users Say Thank You to mosen For This Useful Post:
Posts: 1,288 | Thanked: 4,316 times | Joined on Oct 2014
#7
Originally Posted by mosen View Post
We discussed briefly in last maemo meeting.
I am a big fan of letsencrypt also mostly for the auto-renewal scripts.

But it is highly likely that renewal of the startcom cert is much less work for tech-staff than to change the running system?

Although recent developments suggest to move away from Startcom as Google and Mozilla decided to distrust them(?):

https://en.wikipedia.org/wiki/StartCom
It’s trivial to get and install or even renew a letsencrypt very.
I did for my J1 web/mail/vpn server using the readily available python scripts .
Took me less than 15 min to have A+++ rating on my J1 .

If I can do it that fast, our tech guys could do it in less than a leap second.
 

The Following 5 Users Say Thank You to nieldk For This Useful Post:
Feathers McGraw's Avatar
Posts: 654 | Thanked: 2,368 times | Joined on Jul 2014 @ UK
#8
What's the most important factor in the decision? Price? You can get commercial certs for about £5/yr quite easily:

https://www.ssls.com/ssl-certificate...do-positivessl

Depends how much info you need them to validate in the cert though
 

The Following 3 Users Say Thank You to Feathers McGraw For This Useful Post:
Posts: 1,808 | Thanked: 4,272 times | Joined on Feb 2011 @ Germany
#9
Originally Posted by Feathers McGraw View Post
What's the most important factor in the decision?
I guess it's "never touch a running system". Only that the certificate expired (so it's not running anymore), and that there are reasons to move away from StartCom.

Maybe the new council can request moving to Letsencrypt. We have few (sub-)domains so it's no problem. Next year Letsencrypt will even offer wildcard certificates (*.maemo.org), which should make everything even easier to manage.

(I'm a happy user of Letsencrypt as well
 

The Following 13 Users Say Thank You to reinob For This Useful Post:
Community Council | Posts: 4,920 | Thanked: 12,867 times | Joined on May 2012 @ Southerrn Finland
#10
I think we should get a commercial certificate. We have the funds if costs indeed are in the range of tens of euros per year and not kiloeuros as I previously thought.

The problem is what to use and how... I have only ever generated and used self-signed certs so I have no idea how to go at it...

So any and all help is appreciated!
 

The Following 4 Users Say Thank You to juiceme For This Useful Post:
Reply

Thread Tools

 
Forum Jump


All times are GMT. The time now is 08:53.