Tzachi Dar wrote:
> One more thought about the certificate:
> This certificate is needed since we are using https and not http.
> Is there any reason not to use http?

This question has come up and I do not have a good answer? My _guess_ is
the SSL/https is tied into the Wiki edit functionality?
Using http: would be a big win in my mind as long as we do not lose the
Wiki edit ability - keep it simple!

Stan.

>
> Thanks
> Tzachi
>
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf Of Ryan, Jim
>> Sent: Tuesday, October 02, 2007 11:10 PM
>> To: Smith, Stan; [email protected]
>> Cc: [EMAIL PROTECTED]
>> Subject: [ofw] RE: openfabrics.org ssl certificate
>>
>> Money well spent
>>
>> -----Original Message-----
>> From: Smith, Stan
>> Sent: Tuesday, October 02, 2007 1:31 PM
>> To: [email protected]
>> Cc: Ryan, Jim; [EMAIL PROTECTED]
>> Subject: RE: openfabrics.org ssl certificate
>>
>>
>> Would the person who set up the openib-windows Wiki or someone who is
>> knowledgeable of the Wiki setup please contact me w.r.t. the Wiki being
>> moved if it's not already at an OpenFabrics Alliance server.
>> From Jan's response this could be the case, hence a certificate refresh
>> (aka $$ & email) is all that is needed?
>>
>> Thanks Jan.
>>
>> Stan.
>>
>> PS: Jim this might cost you $$?
>>
>>
>>
>> Jan Bottorff wrote:
>>> Hi,
>>>
>>> The SSL certificate used for wiki.openfabrics.org is basically
>>> bogus.
>>>
>>> 1) the embedded name is staging.openfabrics.org (to be correct it
>>> needs to really match what's in the url), browsers check this so
>>> they can authenticate who is at the other end of the url (this
>>> prevents dns spoofing, which can make www.citibank.com actually
>>> send some people to the ip address for hackers.areus.com)
>>>
>>> 2) the certificate expired 1/19/2007
>>>
>>> 3) the certificate is self signed, not from a real certificate
>>> authority (the thing that prevents hackers.areus.com from just self
>>> signing a certificate that has www.citibank.com is browsers only
>>> accept certificates that have a parent (or parent's parent) that is
>>> rooted in trusted certificates, unless you explicitly tell your
>>> browser to trust a certificate)
>>>
>>> The lowest cost real SSL certificates I know of are at godaddy.com.
>>> The simplest one is $20/year (for a single site certificate like
>>> wiki.openfabrics.org). If you want a wildcard certificate (i.e.
>>> *.openfabrics.org) it's $199/year. This validates in something like
>>> 98% of browsers. The $500 Verisign certificates validate in like
>>> 99.9% of browsers.
>>>
>>> The process to get a real SSL certificate basically is someone who
>>> has appropriate access to the web server needs to generate a
>>> certificate signing request (csr) with a private key. You keep the
>>> private key, and you send the csr to the certificate authority (and
>>> perhaps tell them which web server you use). They will validate
>>> your identity ($20 doesn't get much validation, like that the owner
>>> of the domain has your email address), sign the csr with a private
>>> key that has in its parent chain one of the roots stored in web
>>> browsers, and send you back the signed certificate. This
>>> certificate, along with the private key which you carefully kept
>>> secret, needs to then be configured in the web server and ssl works
>>> as intended. As I remember, the last time I used a low cost
>>> godaddy.com certificate, I also had to add an intermediate
>>> certificate in the chain to the web server, to be sent along with
>>> the site certificate. This is because godaddy's certificate is the
>>> child of a child of a validated root. The web servers all know how
>>> to configure these intermediate certificates and are not uncommon
>>> (like a big corporation would get a corporate subroot signed by a
>>> validated root, to use in their corporate certificate authority,
>>> which then signs the certificates of a department, and ssl is
>>> happy).
>>>
>>>
>>> Jan
>>>
>>>
>>> -----Original Message-----
>>> From: [EMAIL PROTECTED]
>>> [mailto:[EMAIL PROTECTED] On Behalf Of Smith, Stan
>>> Sent: Monday, October 01, 2007 10:24 AM
>>> To: [email protected]
>>> Subject: [ofw] Resolution for missing header files in build
>>> process documented @ openib-wiki FAQ
>>>
>>>
>>> See https://wiki.openfabrics.org/tiki-index.php?page=Windows+FAQ
>>>
>>> BTW, does anyone know how to correct the problem with this
>>> website's security certificate? It's hard to maintain a semblance
>>> of credibility when we don't even fix our own web page...
>>>
>>> Thanks,
>>>
>>> Stan.
>>> _______________________________________________
>>> ofw mailing list
>>> [email protected]
>>> http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ofw
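
Added example, not part of the thread and not OpenFabrics' own tooling: the three checks Jan lists (name, expiry, chain of trust) and the key/CSR/signing procedure he describes, run with the openssl CLI on throwaway certificates. The "Example Test Root" CA, the file names and the audit_cert helper are assumptions standing in for a commercial CA and a real server; the two host names are the ones from the thread, and OpenSSL 1.1.1 or later is assumed.

```sh
#!/bin/sh
# Added example: throwaway keys and a local stand-in CA, all in a temp directory.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# The state Jan describes: self-signed and issued for staging.openfabrics.org.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=staging.openfabrics.org" \
    -keyout "$WORK/old.key" -out "$WORK/old.crt" 2>/dev/null
}

# The procedure Jan describes: key and CSR are generated on the server, only
# the CSR goes to the CA, and the signed certificate comes back.
make_ca_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Example Test Root" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null   # stand-in CA
  openssl req -new -newkey rsa:2048 -nodes \
    -subj "/CN=wiki.openfabrics.org" \
    -keyout "$WORK/wiki.key" -out "$WORK/wiki.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/wiki.csr" -days 30 \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/wiki.crt" 2>/dev/null
}

# Jan's three checks. Usage: audit_cert CERT HOSTNAME TRUSTED_ROOTS [SECONDS]
# SECONDS widens the expiry check to "expires within this many seconds".
audit_cert() {
  out=""
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match" \
    || out="$out name-mismatch"
  openssl x509 -in "$1" -noout -checkend "${4:-0}" >/dev/null \
    || out="$out expiry"
  openssl verify -CAfile "$3" "$1" >/dev/null 2>&1 \
    || out="$out untrusted-issuer"
  echo ${out:-ok}   # unquoted on purpose: drops the leading space
}

make_self_signed
make_ca_signed
audit_cert "$WORK/old.crt"  wiki.openfabrics.org "$WORK/ca.crt" 172800
audit_cert "$WORK/wiki.crt" wiki.openfabrics.org "$WORK/ca.crt"
```

Current browsers match the host name against subjectAltName entries rather than the CN, so a CSR sent to a real CA should carry one; the CN-only subjects here just keep the commands short.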
