Adam Burns:
> On 28/01/16 10:55, sycamoreone wrote:
>> flapflap:
>>> I get a certificate warning when visiting https://git.tails.boum.org,
>>> issued by immerda.ch.
>>
>> The certificate served by https://git.tails.boum.org is signed by
>> immerda.ch itself (CN of the issuer is immerda_public_web_4-ca), so it
>> won't be accepted by browser by default.
>
> and tails.boum.org / boum.org use a wildcard certificate *.boum.org
> issued by Gandi

tails.boum.org and boum.org are both hosted by the boum collective, with
their wildcard certificate for boum.org and *.boum.org but not for
*.tails.boum.org.

git.tails.boum.org, or better git-tails.immerda.ch, is hosted by the
immerda collective with their wildcard certificate for immerda.ch and
*.immerda.ch.

If you go on git.tails.boum.org you end up on a machine run by immerda
which displays the immerda certificate. That's why you should always and
only use git-tails.immerda.ch.

>> But this is probably not much of a problem, as I don't believe that site
>> is really for general use: The official place for Tails' Git
>> repositories is https://git-tails.immerda.ch/, which has a proper
>> certificate signed by Gandi Standard SSL CA 2. git.tails.boum.org is
>> only used by "developers with write access to the repositories" (see
>> https://tails.boum.org/contribute/git/).
>>
>> That of course doesn't mean that having a letsencrypt certificate
>> wouldn't be great :).
>
> I guess it depends on what the certificate is intended to be used for. I
> think supporting CA-Cert is also a good thing (tm).
>
> Whatever, I guess documented consistency is important.

Exactly! So my question now is: Where did you get the git.tails.boum.org
URL? Because that's the problem that needs to be solved and we should
replace it with git-tails.immerda.ch.

_______________________________________________
Tails-dev mailing list
https://mailman.boum.org/listinfo/tails-dev
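
Added example (not part of the original message, and not code from Tails, boum or immerda): the name coverage described in the reply above, checked with the usual RFC 6125 rule that `*` stands for exactly one leftmost label. The certificate name lists are constructed from the thread's description, and the function names are hypothetical.

```python
# Constructed from the thread: the names each collective's certificate carries.
CERT_NAMES = {
    "boum": ["boum.org", "*.boum.org"],
    "immerda": ["immerda.ch", "*.immerda.ch"],
}


def _labels(name):
    """Lower-case a DNS name, drop a trailing root dot, split into labels."""
    return name.rstrip(".").lower().split(".")


def name_matches(pattern, hostname):
    """Return True if a certificate name (possibly a wildcard) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        # A wildcard never spans more than one label, so depth must agree.
        return False
    if any("*" in label for label in p[1:]):
        # Wildcards are only honoured in the leftmost label.
        return False
    if p[0] == "*":
        # Refuse overly broad patterns such as "*.org"; "*" needs a real label.
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    if "*" in p[0]:
        # Partial wildcards ("g*.example.org") are rejected here.
        return False
    return p == h


def covering_certs(hostname):
    """List the constructed certificates whose names cover hostname."""
    return sorted(
        owner
        for owner, names in CERT_NAMES.items()
        if any(name_matches(n, hostname) for n in names)
    )


if __name__ == "__main__":
    for host in ("boum.org", "tails.boum.org", "git.tails.boum.org",
                 "git-tails.immerda.ch"):
        print(f"{host:24} covered by: {covering_certs(host) or 'none'}")
```

git.tails.boum.org is two labels below boum.org, so neither wildcard covers it, while git-tails.immerda.ch is a single label below immerda.ch and matches.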
