Re: Buy official *.gnome.org SSL certificate?

From: "Christian Rose" <menthos gnome org>
To: "Olav Vitters" <olav bkor dhs org>
Cc: gnome-sysadmin gnome org, gnome-infrastructure gnome org
Subject: Re: Buy official *.gnome.org SSL certificate?
Date: Sun, 13 May 2007 11:47:07 +0200

On 5/12/07, Olav Vitters <olav bkor dhs org> wrote:

For Bugzilla I want to move to using SSL for logged in users. Mango
already uses SSL, however, this doesn't make sense unless the
certificate can be trusted.

I propose the GNOME foundation buys a *.gnome.org SSL certificate. Such
a wildcard certificate should be reusable for Mango and Bugzilla.

Two questions:
- Do you agree?
- Was a SSL certificate restricted to an IP address? Hopefully not as
  above services run on different machines.


IIRC, wildcard SSL certificates (*.gnome.org) can only be used on a
single machine, i.e. in use with virtualhosts on a single machine.

Furthermore, if I remember correctly, Owen raised an objection when
this was discussed in the past. The private certificate needs to be
stored in a secure fashion, and only a selected few should have access
to it. However, window can be accessed by almost all module
maintainers, so perhaps it's not the most appropriate machine for
this.

However, in principle, I think using real certificates is an excellent
idea, for all the obvious reasons. And the problems could probably be
solved.


Christian

Follow-Ups:
- Re: Buy official *.gnome.org SSL certificate?
  - From: Olav Vitters

References:
- Buy official *.gnome.org SSL certificate?
  - From: Olav Vitters

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]