Hi, The SSL certificate used for wiki.openfabrics.org is basically bogus.
1) the embedded name is staging.openfabrics.org (to be correct it needs to really match what's in the url), browsers check this so then can authenticate who is at the other end of the url (this prevents dns spoofing, which can make www.citibank.com actually send some people to the ip address for hackers.areus.com) 2) the certificate expired 1/19/2007 3) the certificate is self signed, not from a real certificate authority (the thing that prevents hackers.areus.com from just self signing a certificate that has www.citibank.com is browsers only accept certificates that have a parent (or parents parent) that is rooted in trusted certificates, unless you explicitly tell your browser to trust a certificate The lowest cost real SSL certificates I know of are at godaddy.com. The simplest one is $20/year (for a single site certificate like wiki.openfabrics.org). If you want a wildcard certificate (i.e. *.openfabrics.org) its $199/year. This validates in something like 98% of browsers. The $500 Verisign certificates validate in like 99.9% of browsers. The process to get a real SSL certificate basically is someone who has appropriate access to the web server needs to generate a certificate signing request (csr) with a private key. You keep the private key, and you send the csr to the certificate authority (and perhaps tell them which web server you use). They will validate your identity ($20 doesn't get much validation, like that the owner of the domain has your email address), sign the csr with a private key that has in it's parent chain one of the roots sorted in web browsers, and send you back the signed certificate. This certificate, along with the private key which you carefully kept secret, needs to then be configured in the web server and ssl works as intended. As I remember, the last time I used a low cost godaddy.com certificate, I also had to add an intermediate certificate in the chain to the web server, to be sent along with the site certificate. This is because godaddy's certificate is the child of a child of a validated root. The web servers all know how to configure these intermediate certificates and are not uncommon (like a big corporation would get a corporate subroot signed by a validated root, to use in their corporate certificate authority, which then signs the certificates of a department, and ssl is happy). Jan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Smith, Stan Sent: Monday, October 01, 2007 10:24 AM To: [email protected] Subject: [ofw] Resolution for missing header files in build processdocumented @ openib-wiki FAQ See https://wiki.openfabrics.org/tiki-index.php?page=Windows+FAQ BTW, does anyone know how to correct the problem with this website's security certificate? It's hard to maintain a semblance of credibility when we don't even fix our own web page... Thanks, Stan. _______________________________________________ ofw mailing list [email protected] http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ofw _______________________________________________ ofw mailing list [email protected] http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ofw
