Re: [Freeipa-devel] FYI: Cert for https://www.freeipa.org/ is invalid

2014-07-22 Thread Martin Kosek
On 06/26/2014 10:39 AM, Martin Kosek wrote:
 On 06/26/2014 07:28 AM, James wrote:
 I think it's kind of funny that the cert for: https://www.freeipa.org/
 is invalid, particularly since this is a security product.

 In any case, feel free to forward to whoever maintains this in case
 someone thinks it matters.

 Cheers,
 James
 
 You are of course right. Given that OpenShift (where the wiki is running) now
 supports certificates for aliases, it is possible to configure the 
 certificate.
 
 I have started the machinery, stay tuned.
 
 Thanks,
 Martin

To update this thread, note that https://www.freeipa.org is now secured with a
valid certificate.

https://freeipa.org is NOT secured with a valid certificate as this is routed
via external server which redirects all requests to www.freeipa.org.

This is required as OpenShift application node A/ records can change and we
need to always point to the CNAME (wiki-freeipaorg.rhcloud.com). Given that DNS
zone record (freeipa.org) cannot contain CNAME record, we are stuck with this
external redirector. Long story short, this one will take more time to solve.

Martin

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Re: [Freeipa-devel] FYI: Cert for https://www.freeipa.org/ is invalid

2014-06-26 Thread Rob Townley
StartSSL has free ssl certs.
Very inexpensive wildcard certs ~$50.00.
StartCom CA that has been trusted by browsers for years.
 On Jun 26, 2014 12:29 AM, James purplei...@gmail.com wrote:

 I think it's kind of funny that the cert for: https://www.freeipa.org/
 is invalid, particularly since this is a security product.

 In any case, feel free to forward to whoever maintains this in case
 someone thinks it matters.

 Cheers,
 James

 ___
 Freeipa-devel mailing list
 Freeipa-devel@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-devel

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] FYI: Cert for https://www.freeipa.org/ is invalid

2014-06-26 Thread Alexander Bokovoy

On Thu, 26 Jun 2014, Rob Townley wrote:

StartSSL has free ssl certs.
Very inexpensive wildcard certs ~$50.00.
StartCom CA that has been trusted by browsers for years.

We have proper certificate in place. This looks like OpenShift's
misconfiguration.

--
/ Alexander Bokovoy

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Re: [Freeipa-devel] FYI: Cert for https://www.freeipa.org/ is invalid

2014-06-26 Thread Martin Kletzander

On Thu, Jun 26, 2014 at 01:23:44AM -0500, Rob Townley wrote:

StartSSL has free ssl certs.
Very inexpensive wildcard certs ~$50.00.
StartCom CA that has been trusted by browsers for years.


I've heard of free (or low-cost) SSL certs for open source software
and there should be a company providing SSL certs for domains as a
part of the ResetTheNet initiative [1], but right now, I'm unable to
find that, so I might have misunderstood some statement.

Martin

[1] https://www.resetthenet.org/


On Jun 26, 2014 12:29 AM, James purplei...@gmail.com wrote:


I think it's kind of funny that the cert for: https://www.freeipa.org/
is invalid, particularly since this is a security product.

In any case, feel free to forward to whoever maintains this in case
someone thinks it matters.

Cheers,
James

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel




___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


signature.asc
Description: Digital signature
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] FYI: Cert for https://www.freeipa.org/ is invalid

2014-06-26 Thread Martin Kosek
On 06/26/2014 07:28 AM, James wrote:
 I think it's kind of funny that the cert for: https://www.freeipa.org/
 is invalid, particularly since this is a security product.
 
 In any case, feel free to forward to whoever maintains this in case
 someone thinks it matters.
 
 Cheers,
 James

You are of course right. Given that OpenShift (where the wiki is running) now
supports certificates for aliases, it is possible to configure the certificate.

I have started the machinery, stay tuned.

Thanks,
Martin

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


[Freeipa-devel] FYI: Cert for https://www.freeipa.org/ is invalid

2014-06-25 Thread James
I think it's kind of funny that the cert for: https://www.freeipa.org/
is invalid, particularly since this is a security product.

In any case, feel free to forward to whoever maintains this in case
someone thinks it matters.

Cheers,
James

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel