Re: [Freeipa-devel] FYI: Cert for https://www.freeipa.org/ is invalid
On 06/26/2014 10:39 AM, Martin Kosek wrote: > On 06/26/2014 07:28 AM, James wrote: >> I think it's kind of funny that the cert for: https://www.freeipa.org/ >> is invalid, particularly since this is a security product. >> >> In any case, feel free to forward to whoever maintains this in case >> someone thinks it matters. >> >> Cheers, >> James > > You are of course right. Given that OpenShift (where the wiki is running) now > supports certificates for aliases, it is possible to configure the > certificate. > > I have started the machinery, stay tuned. > > Thanks, > Martin To update this thread, note that https://www.freeipa.org is now secured with a valid certificate. https://freeipa.org is NOT secured with a valid certificate as this is routed via external server which redirects all requests to "www.freeipa.org". This is required as OpenShift application node A/ records can change and we need to always point to the CNAME (wiki-freeipaorg.rhcloud.com). Given that DNS zone record (freeipa.org) cannot contain CNAME record, we are stuck with this external redirector. Long story short, this one will take more time to solve. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] FYI: Cert for https://www.freeipa.org/ is invalid
On 06/26/2014 07:28 AM, James wrote: > I think it's kind of funny that the cert for: https://www.freeipa.org/ > is invalid, particularly since this is a security product. > > In any case, feel free to forward to whoever maintains this in case > someone thinks it matters. > > Cheers, > James You are of course right. Given that OpenShift (where the wiki is running) now supports certificates for aliases, it is possible to configure the certificate. I have started the machinery, stay tuned. Thanks, Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] FYI: Cert for https://www.freeipa.org/ is invalid
On Thu, Jun 26, 2014 at 01:23:44AM -0500, Rob Townley wrote: StartSSL has free ssl certs. Very inexpensive wildcard certs ~$50.00. StartCom CA that has been trusted by browsers for years. I've heard of free (or low-cost) SSL certs for open source software and there should be a company providing SSL certs for domains as a part of the ResetTheNet initiative [1], but right now, I'm unable to find that, so I might have misunderstood some statement. Martin [1] https://www.resetthenet.org/ On Jun 26, 2014 12:29 AM, "James" wrote: I think it's kind of funny that the cert for: https://www.freeipa.org/ is invalid, particularly since this is a security product. In any case, feel free to forward to whoever maintains this in case someone thinks it matters. Cheers, James ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel signature.asc Description: Digital signature ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] FYI: Cert for https://www.freeipa.org/ is invalid
On Thu, 26 Jun 2014, Rob Townley wrote: StartSSL has free ssl certs. Very inexpensive wildcard certs ~$50.00. StartCom CA that has been trusted by browsers for years. We have proper certificate in place. This looks like OpenShift's misconfiguration. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] FYI: Cert for https://www.freeipa.org/ is invalid
StartSSL has free ssl certs. Very inexpensive wildcard certs ~$50.00. StartCom CA that has been trusted by browsers for years. On Jun 26, 2014 12:29 AM, "James" wrote: > I think it's kind of funny that the cert for: https://www.freeipa.org/ > is invalid, particularly since this is a security product. > > In any case, feel free to forward to whoever maintains this in case > someone thinks it matters. > > Cheers, > James > > ___ > Freeipa-devel mailing list > Freeipa-devel@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel > ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] FYI: Cert for https://www.freeipa.org/ is invalid
I think it's kind of funny that the cert for: https://www.freeipa.org/ is invalid, particularly since this is a security product. In any case, feel free to forward to whoever maintains this in case someone thinks it matters. Cheers, James ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel