[SAC] [OSGeo] #682: Renew SSL certificate

#682: Renew SSL certificate
---------------------------+------------------------------------------------
Reporter: tmitchell | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Keywords:
---------------------------+------------------------------------------------
digicert emailed me to let me know our cert expires in 59 days.
I also have a quote from a competitor who wants our business. I can pay
whoever but could use help assessing the best option.

--
Ticket URL: <http://trac.osgeo.org/osgeo/ticket/682>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.

On Wed, Mar 02, 2011 at 06:17:07PM -0000, OSGeo wrote:

> digicert emailed me to let me know our cert expires in 59 days.
> I also have a quote from a competitor who wants our business. I can pay
> whoever but could use help assessing the best option.

My practical experience is limited to one German CA - and they don't
issue wildcard-certificates :-)

Cheers,
  Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

Hi Tyler,

On Wed, Mar 02, 2011 at 06:17:07PM -0000, OSGeo wrote:

> digicert emailed me to let me know our cert expires in 59 days.

Did you already take action ? As far as I can tell the cert should be
valid until end of first May UTC.

Cheers,
  Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

#682: URGENT? Renew SSL certificate
---------------------------+------------------------------------------------
Reporter: tmitchell | Owner: sac@…
     Type: task | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Keywords: ssl
---------------------------+------------------------------------------------
Changes (by tmitchell):

  * keywords: => ssl
  * priority: normal => critical

Comment:

Do we really need our SSL cert?

I can pay the bill to renew it for 5 years at ~$1400

T-minus 3 days. Can SAC please discuss and give me a +1 to pay it, then
I'll need someone to help implement the certificate. Any takers?

--
Ticket URL: <http://trac.osgeo.org/osgeo/ticket/682#comment:1>

#682: URGENT? Renew SSL certificate
---------------------------+------------------------------------------------
Reporter: tmitchell | Owner: sac@…
     Type: task | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Keywords: ssl
---------------------------+------------------------------------------------

Comment(by tmitchell):

FYI - I've paid the fees and awaiting all the other stuff to get
processed. Will still need some techy hands that know this stuff better
than I do to get it all installed.

--
Ticket URL: <http://trac.osgeo.org/osgeo/ticket/682#comment:2>

> Do we really need our SSL cert?
>
> I can pay the bill to renew it for 5 years at ~$1400

here they are much cheaper:

http://www.startssl.com/

and we can issue as many other certs as we need.

s.

On 2011-04-27, at 12:00 PM, Sergiusz Pawlowicz wrote:

> here they are much cheaper:
>
> http://www.startssl.com/
>
> and we can issue as many other certs as we need.

Thanks Sergiusz,

We'll have to remember it for 2016 :-)

I've signed up already and am pretty much unable to even compare features/costs since this is waaay outside my area of expertise.

Will still need some expert to help install stuff after the process is complete.

Tyler

On Wed, Apr 27, 2011 at 12:08:19PM -0700, Tyler Mitchell wrote:

> Will still need some expert to help install stuff after the process is complete.

I'd be there to help this Saturday evening.

Cheers,
  Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

On 2011-04-29, at 3:25 AM, Martin Spott wrote:

>> Will still need some expert to help install stuff after the process is complete.
>
> I'd be there to help this Saturday evening.

Thank you very much Martin. I haven't heard back from them yet on details, hopefully they send it all through by then.

Tyler

On Fri, Apr 29, 2011 at 08:53:09AM -0700, Tyler Mitchell wrote:

> On 2011-04-29, at 3:25 AM, Martin Spott wrote:
>
>>> Will still need some expert to help install stuff after the process is complete.
>>
>> I'd be there to help this Saturday evening.
>
> Thank you very much Martin. I haven't heard back from them yet on
> details, hopefully they send it all through by then.

I'm here at #telascience,

  Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

Thanks Martin!! I sent in the CSR request yesterday, haven't heard back yet. I suspect they'll leave us hanging until Monday :-(

_______________________________________________
Sac mailing list
Sac@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/sac

On Sat, Apr 30, 2011 at 02:32:03PM -0700, Tyler Mitchell wrote:

> Thanks Martin!! I sent in the CSR request yesterday, haven't heard
> back yet. I suspect they'll leave us hanging until Monday :-(

Mmmmh .... this sort of trouble usually occurs only when you're late.
Actually I was trying to ping you a little bit in advance:

  http://lists.osgeo.org/pipermail/sac/2011-March/002986.html

.... but, it seems, I failed.

Cheers,
  Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

Yeah I appreciate the hand. It got slowed down for a variety of reasons, but I think they've got everything they need. What happens after? I can't remember. Is there anything we can do in the meantime?

On Sat, Apr 30, 2011 at 02:45:28PM -0700, Tyler Mitchell wrote:

> Yeah I appreciate the hand. It got slowed down for a variety of
> reasons, [...]

.... which happens to all of us every now and then ;-)

> [...] What happens after? I can't remember.

Users of encrypted web pages or IMAP EMail accounts (not sure if we have
this sort of thing) will see a notice that the current certificate has
expired.
I'm a bit uncertain what's going to happen regarding shell
authentication. Our LDAP encryption negotiation on client machines is
rather strict - which definitely is a Good Thing - but it might hurt
after the certificate has expired. We'll see.

> Is there anything we can do in the meantime?

Check which places are affected :-)

Cheers,
  Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

On Sun, May 1, 2011 at 12:06 AM, Martin Spott <Martin.Spott@mgras.net> wrote:

> On Sat, Apr 30, 2011 at 02:45:28PM -0700, Tyler Mitchell wrote:
>
>> Yeah I appreciate the hand. It got slowed down for a variety of
>> reasons, [...]
>
> .... which happens to all of us every now and then ;-)
>
>> [...] What happens after? I can't remember.
>
> Users of encrypted web pages or IMAP EMail accounts (not sure if we have
> this sort of thing) will see a notice that the current certificate has
> expired.
> I'm a bit uncertain what's going to happen regarding shell
> authentication. Our LDAP encryption negotiation on client machines is
> rather strict - which definitely is a Good Thing - but it might hurt
> after the certificate has expired. We'll see.

Well, seems that we are "out" now:

[neteler@north raster]$ svn ci -m"html slightly prettified"
Error validating server certificate for 'https://svn.osgeo.org:443':
- The certificate has expired.
Certificate information:
- Hostname: *.osgeo.org
- Valid: from Mon, 21 Apr 2008 00:00:00 GMT until Sun, 01 May 2011 23:59:59 GMT
- Issuer: www.digicert.com, DigiCert Inc, US
- Fingerprint: ae:62:70:35:f5:7b:e4:ad:ec:91:c9:a5:cb:a2:1d:66:d1:70:9e:03
(R)eject, accept (t)emporarily or accept (p)ermanently? t
svn: Commit failed (details follow):
svn: Server sent unexpected return value (500 Internal Server Error)
in response to MKACTIVITY request for
'/grass/!svn/act/5c7c00c0-40b0-4aa6-8d7a-c9d616b73fc0'

[neteler@north raster]$ svn ci -m"html slightly prettified"
Error validating server certificate for 'https://svn.osgeo.org:443':
- The certificate has expired.
Certificate information:
- Hostname: *.osgeo.org
- Valid: from Mon, 21 Apr 2008 00:00:00 GMT until Sun, 01 May 2011 23:59:59 GMT
- Issuer: www.digicert.com, DigiCert Inc, US
- Fingerprint: ae:62:70:35:f5:7b:e4:ad:ec:91:c9:a5:cb:a2:1d:66:d1:70:9e:03
(R)eject, accept (t)emporarily or accept (p)ermanently? p
svn: Commit failed (details follow):
svn: Server sent unexpected return value (500 Internal Server Error)
in response to MKACTIVITY request for
'/grass/!svn/act/c2623583-39d7-4732-a7dd-da6e49056b24'

I missed to make my last submission by seconds...
:-(

Markus
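
As an added illustration (not part of the thread and not OSGeo's own tooling), the certificate block in the svn output above is enough to work through "check which places are affected": the Python below parses it, applies single-label wildcard matching to host names taken from URLs in this thread, and reports the expiry status at a given time. The `HOSTS` list, the bare `osgeo.org` entry, the 90-day `warn_days` threshold and all function names are assumptions.

```python
import re
from datetime import datetime, timezone

SVN_DATE = "%a, %d %b %Y %H:%M:%S GMT"
NOTICE_RE = re.compile(r"- Hostname: (?P<host>\S+)\s+"
                       r"- Valid: from (?P<start>.+? GMT) until (?P<end>.+? GMT)")
# Certificate block copied from the svn output quoted in the thread.
SAMPLE_NOTICE = """\
Certificate information:
- Hostname: *.osgeo.org
- Valid: from Mon, 21 Apr 2008 00:00:00 GMT until Sun, 01 May 2011 23:59:59 GMT
- Issuer: www.digicert.com, DigiCert Inc, US
"""
# Host names from URLs in the thread plus the bare apex (constructed entry).
# Assumption: each of them serves TLS with this certificate.
HOSTS = ["svn.osgeo.org", "trac.osgeo.org", "lists.osgeo.org",
         "wiki.osgeo.org", "www.osgeo.org", "osgeo.org"]

def parse_notice(text):
    """Return (name_pattern, not_before, not_after) from an svn notice."""
    m = NOTICE_RE.search(text)
    if m is None:
        raise ValueError("no certificate validity block found")
    to_utc = lambda s: datetime.strptime(s, SVN_DATE).replace(tzinfo=timezone.utc)
    return m["host"], to_utc(m["start"]), to_utc(m["end"])

def covered(hostname, pattern):
    """True if pattern (exact name or one-label '*.' wildcard) covers hostname."""
    host, pat = hostname.lower().rstrip("."), pattern.lower()
    if not pat.startswith("*."):
        return host == pat
    label, _, parent = host.partition(".")
    return bool(label) and parent == pat[2:]

def status(not_after, now, warn_days=90):
    """Return ('expired' | 'renew' | 'ok', whole days left) at time now."""
    left = not_after - now
    if left.total_seconds() < 0:
        return "expired", left.days
    return ("renew" if left.days < warn_days else "ok"), left.days

def affected(hostnames, notice, now):
    """Map each host the certificate covers to its status at time now."""
    pattern, _, not_after = parse_notice(notice)
    return {h: status(not_after, now)[0] for h in hostnames if covered(h, pattern)}

if __name__ == "__main__":
    print(affected(HOSTS, SAMPLE_NOTICE, datetime.now(timezone.utc)))
```

The wildcard covers exactly one label, so the bare `osgeo.org` entry drops out of the result while every `*.osgeo.org` host is reported.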

Just off phone with the provider and they are sending the certificate in next few minutes.
Any chance Martin or others who know this stuff are around today?

On Mon, May 02, 2011 at 10:50:04AM -0700, Tyler Mitchell wrote:

> Just off phone with the provider and they are sending the certificate in next few minutes.
> Any chance Martin or others who know this stuff are around today?

In general I'd say Yes. But I just got home from work and will now
first spend a few hours with the family.

Cheers,
  Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

JonS and wildintellect are giving me a hand - though they are probably cringing watching me try to do it ;-) hehe
We'll manage in the meantime, thanks!

On Mon, May 02, 2011 at 11:39:43AM -0700, Tyler Mitchell wrote:

> JonS and wildintellect are giving me a hand - though they are probably cringing watching me try to do it ;-) hehe
> We'll manage in the meantime, thanks!

Please try to dump sort of a transcript so I can re-read what you've
been doing wrt. LDAP authentication. I was running into severe
trouble with GnuTLS libraries on the new secure VM vs. the old keys
and certificates, hoping that things turn better with the new stuff.

Do 'we' have a completely new certificate chain now or are we still
relying on the old one ?

  Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

FYI - we posted some info at: http://wiki.osgeo.org/wiki/SAC:SSLCert - this is the info that some project VMs admins will need to know.

Tyler
