Re: Buy official *.gnome.org SSL certificate?
- From: "James Henstridge" <james jamesh id au>
- To: "Olav Vitters" <olav bkor dhs org>
- Cc: gnome-sysadmin gnome org, gnome-infrastructure gnome org
- Subject: Re: Buy official *.gnome.org SSL certificate?
- Date: Tue, 22 May 2007 20:43:08 +0800
On 13/05/07, Olav Vitters <olav bkor dhs org> wrote:
For Bugzilla I want to move to using SSL for logged in users. Mango
already uses SSL, however, this doesn't make sense unless the
certificate can be trusted.
I propose the GNOME foundation buys a *.gnome.org SSL certificate. Such
a wildcard certificate should be reusable for Mango and Bugzilla.
Two questions:
- Do you agree?
- Was a SSL certificate restricted to an IP address? Hopefully not as
above services run on different machines.
I propose to buy it here (no good reason other than Mozilla used that
for their bmo certificate):
https://www.securetrust.com/
It costs 800 USD for 3 years. See:
https://www.securetrust.com/sslcertificates/wildcard/
Another alternative is GoDaddy, who seem to be a fair bit cheaper
(it'd be $540 for a 3 year period):
https://www.godaddy.com/gdshop/ssl/ssl.asp?ci=271
I know we're using them for the *.launchpad.net wildcard certificate.
I do not know a lot about certificates, so I do not want someone buying
it right away (need someone knowledgeable to say this is the right
option).
The main issue with a wildcard certificate is that if it is stolen it
can be used to spoof any *.gnome.org site, rather than just
bugzilla.gnome.org. Whether this is a problem depends on what other
things are planned to be deployed over the lifetime of the
certificate.
James.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
