I have never heard about this provider, and it is great they are donating their resources to the FOSS. I quick glance on their site has reveiled a couple of issues: - the page for the "Standard Agreement" returns 404 [1]. I won't be willing to agree to something I cannot read upfront. - the process seems to be manual.
The reason I like [2] is because it's backed by EFF and has a huge user base (over 100 millions certificates to date) [3] The process has been debugged already for other Apache projects, so I don't really see why we need to go to someone else? [1] https://www.globalsign.com/en/repository/globalsign-subscriber-agreement-digital-certificates-and-services.pdf [2] https://letsencrypt.org/ [3] https://www.eff.org/deeplinks/2017/06/lets-encrypt-has-issued-100-million-certificates Thanks, Cos On Wed, Jul 19, 2017 at 09:41PM, Aleksey Chetaev wrote: > Hi, > > A know GlobalSing support open source projects for > free(https://www.globalsign.com/en/ssl/ssl-open-source/). > We can request certificates from them, it will be more easy for me. Any > objection? > > > Denis Magda-2 wrote > > Hi Cos, > > > > Alexey Chetaev, please join the conversation and share your thoughts on > > this. > > > > — > > Denis > > > >> On Jul 19, 2017, at 9:44 AM, Konstantin Boudnik < > > > cos@ > > > > wrote: > >> > >> Hey guys. > >> > >> I've noticed that https://ci.ignite.apache.org/ has two issues: > >> - it has the invalid certificate > >> - the CI server isn't responding on the https port (there's only ngnix) > >> > >> I don't about the rest of the group here, but all my browsers are > >> enforcing > >> HTTPS connections for the obvious reasons. I have to add an exception > >> for the CI server to get in, which is a minor inconvenience compared to > >> the > >> security risks. I suggest we fix both issues. > >> 1. Getting a valid certificate is easy and doesn't cost a dime nowadays. > >> Here's the very details set of instructions on how we do it for Apache > >> Bigtop. They are easily applicable in Ignite CI's case [1]. I'd be > >> happy to > >> help with this. > >> 2. Reconfiguring the server to respond only on HTTPS port. That's another > >> easy > >> thing to do for anyone with the access to the box. I don't have this, > >> so > >> it'd be someone else. > >> > >> Thoughts? > >> Cos > >> > >> [1] > >> https://cwiki.apache.org/confluence/display/BIGTOP/Bigtop+CI+Setup+Guide#BigtopCISetupGuide-Advancedpart:SetupaSSLsecuredJenkinsmaster > >> > > > > > > -- > View this message in context: > http://apache-ignite-developers.2346864.n4.nabble.com/SSL-certificate-for-the-CI-server-tp19830p19840.html > Sent from the Apache Ignite Developers mailing list archive at Nabble.com.
signature.asc
Description: Digital signature
