[SAC] SSL Certificate Followup

Ok, I've got the new cert and have tested it on
https://live.osgeo.org/en/index.html

The only concern that came up, is the new certificate is a Domain
Validation cert, as opposed to an Organizational Validation (OV) cert.

The difference, from what I can see is that if you view the certificate
information, the organization line is not filled in.

Comodo has offered us a renewal package, for 5 years at ~$1200 (we just
paid ~$250/yr). So really about the same price per year to continue with
the OV cert.

Does anyone have an opinion on this? I suppose this is also the
difference if we move to letsencrypt.

Thanks,
Alex

On 2016-04-29 10:31, Alex M wrote:

> [...]

Not sure if this is a + or - , Uber uses the cheaper DV for its
website. No one has an opinion on this? I'd say we need to decide by end
of next week, since we can cancel our new purchase, and still renew the
old cert provider. Maybe I'll talk to people at Foss4gNA about it.

Seems we need to start moving sites tonight to the new cert we have.
Procedure is copy the files from secure to the host with *.osgeo sites.

Then in apache add/replace in ssl site-available configs, note grep all
the sites-available for 443 to find the SSL configs.

SSLEngine on
SSLCertificateFile /etc/ssl/osgeo/STAR_osgeo_org.crt
SSLCertificateKeyFile /etc/ssl/private/star_osgeo_org2016.key
SSLCertificateChainFile /etc/ssl/osgeo/ca-bundle-client.crt

This needs to happen on:
web (osgeo.org)
osgeo6 (various projects like grass.osgeo)
tracsvn
webextra (osgeo journal)
wiki
download
adhoc?

Any volunteers? Needs to happen before May 1st.

Thanks,
Alex
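
The procedure above (grep the sites-available for 443, swap the three directives on every host) is easy to leave half done across this many machines. Here is an added example, not from the thread and not OSGeo's own tooling, that parses Apache vhost blocks and reports TLS vhosts still pointing at another certificate or configured without any intermediate chain; it also lists the directories the directives point at, so layout drift shows up. The sample config and its old paths are constructed; the new paths are the ones quoted in the message.

```python
"""Audit Apache vhost configs for the SSL directives being swapped in the thread.
Added example, not from the OSGeo thread or its hosts; it parses config text so it
runs offline. Assumes Debian-style sites-available files with <VirtualHost ...:443>
blocks; the sample config below is constructed."""
import os
import re

# Apache matches directive names case-insensitively; map lower-case to canonical.
DIRECTIVES = {d.lower(): d for d in (
    "ServerName", "SSLEngine", "SSLCertificateFile", "SSLCertificateKeyFile",
    "SSLCertificateChainFile", "SSLCACertificateFile")}
VHOST_OPEN = re.compile(r"^<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"^</VirtualHost>", re.I)


def parse_vhosts(config_text):
    """Return one {"addr": ..., "directives": {...}} dict per <VirtualHost> block."""
    vhosts, current = [], None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments; paths here have no '#'
        opened = VHOST_OPEN.match(line)
        if opened:
            current = {"addr": opened.group(1).strip(), "directives": {}}
        elif VHOST_CLOSE.match(line) and current is not None:
            vhosts.append(current)
            current = None
        elif current is not None:
            parts = line.split(None, 1)
            name = DIRECTIVES.get(parts[0].lower()) if parts else None
            if name and len(parts) == 2:
                current["directives"][name] = parts[1].strip().strip('"')
    return vhosts


def audit(config_text, expected_cert=None):
    """Return (server, problem) tuples for every TLS vhost that is not set up right."""
    problems = []
    for vh in parse_vhosts(config_text):
        d = vh["directives"]
        server = d.get("ServerName", vh["addr"])
        on_443 = vh["addr"].endswith(":443")
        engine_on = d.get("SSLEngine", "off").lower() == "on"
        if not on_443 and not engine_on:
            continue                                   # plain HTTP vhost, nothing to check
        if on_443 and not engine_on:
            problems.append((server, "listens on 443 but SSLEngine is not on"))
        for required in ("SSLCertificateFile", "SSLCertificateKeyFile"):
            if required not in d:
                problems.append((server, f"missing {required}"))
        if "SSLCertificateChainFile" not in d and "SSLCACertificateFile" not in d:
            problems.append((server, "no intermediate chain configured; clients that do "
                                     "not have the intermediate cached will fail to verify"))
        if expected_cert and d.get("SSLCertificateFile") not in (None, expected_cert):
            problems.append((server, f"still serving {d['SSLCertificateFile']}"))
    return problems


def cert_locations(config_text):
    """Directories the cert/key directives point at; a long list is the layout drift."""
    return sorted({os.path.dirname(value)
                   for vh in parse_vhosts(config_text)
                   for name, value in vh["directives"].items() if "Certificate" in name})


# Constructed sample: one vhost still on a hypothetical old cert and without a chain
# file, one already switched to the paths from the thread.
SAMPLE_CONFIG = """
<VirtualHost *:80>
    ServerName planet.osgeo.org
</VirtualHost>

<VirtualHost *:443>
    ServerName fdo.osgeo.org
    SSLEngine on
    # hypothetical old paths
    SSLCertificateFile /etc/ssl/certs/osgeo/old_star_osgeo.crt
    SSLCertificateKeyFile /etc/ssl/private/old_star_osgeo.key
</VirtualHost>

<VirtualHost *:443>
    ServerName trac.osgeo.org
    SSLEngine on
    SSLCertificateFile /etc/ssl/osgeo/STAR_osgeo_org.crt
    SSLCertificateKeyFile /etc/ssl/private/star_osgeo_org2016.key
    SSLCertificateChainFile /etc/ssl/osgeo/ca-bundle-client.crt
</VirtualHost>
"""

if __name__ == "__main__":
    for server, problem in audit(SAMPLE_CONFIG, "/etc/ssl/osgeo/STAR_osgeo_org.crt"):
        print(f"{server}: {problem}")
    print("cert/key directories in use:", cert_locations(SAMPLE_CONFIG))
```

To run it against a real host, read each file under /etc/apache2/sites-available/ and pass the text to audit() with the new certificate path as expected_cert.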

trac, git and subversion (tracsvn) done.

I could use some help rolling this out, as some timezones are already
hitting the expiration date.

Find me on IRC if you can help.

Thanks,
Alex

On 2016-04-29 20:37, Alex Mandel wrote:

> [...]
_______________________________________________
Sac mailing list
Sac@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/sac

wiki done.

On 2016-04-30 17:17, Alex Mandel wrote:

> [...]

web (www and fdo) done

On 2016-04-30 17:26, Alex Mandel wrote:

> [...]

webextra (journal and live) done.
osgeo6 (grass, grasswiki, and lists) done.

no sites on adhoc or downloads have ssl currently.

Biggest thing I noticed, we still have some sites that don't redirect
logins to always use https. Also some sites have mixed content, fdo and
journal, we should find a fix for that.

Let me know if I missed any sites.

Thanks,
Alex

On 2016-04-30 17:42, Alex Mandel wrote:

> [...]

Hi Alex,

https://planet.osgeo.org is showing the journal site, can you fix it, please?

Thanks!

Jorge Sanz

Sent from my phone, excuse my brevity.

On 1/5/2016 3:00, “Alex Mandel” <tech_dev@wildintellect.com> wrote:

> [...]

Planet like many other sites, never had an https configuration. I have
added one now, however this site has the mixed content error, where some
parts are not delivered over https.

This is often because js, css or image file locations are hard coded
with http:// instead of being dynamic. Someone more familiar with the
planet software, should look into that.

Thanks,
Alex

On 05/01/2016 04:28 AM, Jorge Sanz wrote:

> [...]

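To find the hard-coded http:// references behind the mixed-content error Alex describes for planet, fdo and journal, here is an added example (not the planet software's code and not from the thread) that parses a saved page and lists every clear-text resource it pulls in, with the usual fix beside each one. The sample page and the hostnames in it are constructed.

```python
"""Find mixed content: http:// resources referenced from a page served over
https. Added example, not code from the OSGeo thread; standard library only.
The sample page and the hostnames in it are constructed for the demo."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, urlunsplit

# Attributes whose value the browser fetches; a http:// URL in one is mixed content.
FETCH_ATTRS = {
    "script": ("src",), "link": ("href",), "iframe": ("src",), "object": ("data",),
    "img": ("src", "srcset"), "source": ("src", "srcset"), "video": ("src", "poster"),
    "audio": ("src",),
    "form": ("action",),   # not mixed content strictly, but posts logins in the clear
}
# Browsers block active mixed content outright and only warn about passive content.
ACTIVE = {"script", "link", "iframe", "object"}


class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []                     # (tag, attribute, absolute_url, kind)

    def handle_starttag(self, tag, attrs):
        for attr, value in attrs:
            if value and attr in FETCH_ATTRS.get(tag, ()):
                for url in self._candidates(attr, value):
                    self._record(tag, attr, url)

    @staticmethod
    def _candidates(attr, value):
        if attr == "srcset":                   # "url1 1x, url2 2x"
            return [part.split()[0] for part in value.split(",") if part.strip()]
        return [value.strip()]

    def _record(self, tag, attr, url):
        absolute = urljoin(self.page_url, url)  # relative and "//host" URLs inherit https
        if absolute.lower().startswith("http://"):
            kind = "form" if tag == "form" else ("active" if tag in ACTIVE else "passive")
            self.findings.append((tag, attr, absolute, kind))


def find_mixed_content(html, page_url):
    """Return (tag, attr, url, kind) for every clear-text resource the page pulls in."""
    parser = MixedContentFinder(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


def suggest_fix(finding, page_url):
    """Same-host references become relative paths (the 'dynamic' fix Alex mentions);
    third-party ones are switched to https, which assumes that host serves it."""
    _, _, url, _ = finding
    target = urlsplit(url)
    if target.netloc == urlsplit(page_url).netloc:
        return urlunsplit(("", "", target.path or "/", target.query, target.fragment))
    return urlunsplit(("https",) + tuple(target[1:]))


# Constructed sample page, as if fetched from https://planet.osgeo.org/
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://planet.osgeo.org/css/planet.css">
<script src="//cdn.example.net/jquery.js"></script>
<script src="http://planet.osgeo.org/js/feeds.js"></script>
</head><body>
<img src="/images/logo.png">
<img src="http://journal.osgeo.org/images/cover.png">
<form action="http://www.example.org/login" method="post"><input name="user"></form>
</body></html>"""

if __name__ == "__main__":
    page = "https://planet.osgeo.org/"
    for finding in find_mixed_content(SAMPLE_HTML, page):
        print(f"{finding[3]:7} <{finding[0]} {finding[1]}> {finding[2]}  ->  {suggest_fix(finding, page)}")
```
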
Perhaps it’s worth turning https on for all sites, then cleaning up these kinds of things?

On May 1, 2016 11:13:40 PM GMT+08:00, Alex Mandel tech_dev@wildintellect.com wrote:

> [...]


Sent from my Android device with K-9 Mail. Please excuse my brevity.

On Fri, Apr 29, 2016 at 08:37:37PM -0700, Alex Mandel wrote:

> Then in apache add/replace in ssl site-available configs, note grep all
> the sites-available for 443 to find the SSL configs.
>
> SSLEngine on
> SSLCertificateFile /etc/ssl/osgeo/STAR_osgeo_org.crt
> SSLCertificateKeyFile /etc/ssl/private/star_osgeo_org2016.key
> SSLCertificateChainFile /etc/ssl/osgeo/ca-bundle-client.crt

I noticed SSLCACertificateFile was removed.
Don't know if it's related, but now git doesn't trust https anymore,
for example:

fatal: unable to access 'rttopo/librttopo: RT Topology Library - librttopo - OSGeo Git Services: Gitea - Git with a cup of tea':
server certificate verification failed.
CAfile: /etc/ssl/certs/ca-certificates.crt
CRLfile: none

This happened from different machines (my local one and the tracsvn machine itself).

--strk;

On Sun, May 01, 2016 at 06:15:51PM +0200, Sandro Santilli wrote:

> [...]

According to this answer, the problem may be in the order in which certs
were put in ca-bundle-client.crt: apache - SSL works with browser, wget, and curl, but fails with git - Stack Overflow

Did you produce that bundle yourself? If so, do you know how to reorder
certs in it?

--strk;
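The symptom in the two messages above (browsers fine, git rejecting the server certificate) is what an out-of-order bundle produces for clients that expect the chain strictly in leaf-to-root order. Here is an added example, not from the thread, that checks a PEM bundle such as ca-bundle-client.crt for that ordering using only the standard library; the chain it runs on is constructed (unsigned) for the demo, so read the real bundle and leaf into the two text arguments to check a live one.

```python
"""Check that a PEM chain bundle (e.g. Apache's SSLCertificateChainFile) is in the
order TLS expects: each certificate followed by the one that issued it. Clients that
walk the chain strictly in order fail otherwise, even when browsers are happy.
Added example, not from the OSGeo thread; standard library only, and the sample
certificates are constructed (unsigned) so the demo runs offline."""
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
CN_OID = b"\x55\x04\x03"                      # id-at-commonName (2.5.4.3)

def _tlv(buf, pos):
    """Decode one DER tag/length at pos -> (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                         # long form: low bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _children(buf, start, end):
    """Yield (tag, whole_tlv_bytes) for each element inside a constructed value."""
    pos = start
    while pos < end:
        tag, _, vend = _tlv(buf, pos)
        yield tag, buf[pos:vend]
        pos = vend

def issuer_and_subject(der):
    """Return the raw DER Name encodings (issuer, subject) of an X.509 certificate."""
    _, tbs_pos, _ = _tlv(der, 0)              # Certificate ::= SEQUENCE
    _, start, end = _tlv(der, tbs_pos)        # tbsCertificate ::= SEQUENCE
    fields = list(_children(der, start, end))
    if fields[0][0] == 0xA0:                  # optional [0] EXPLICIT version
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, ...
    return fields[2][1], fields[4][1]

def common_name(name_der):
    """Best-effort CN extraction from a DER Name, only used for readable messages."""
    _, s, e = _tlv(name_der, 0)
    for _, rdn in _children(name_der, s, e):             # SET OF AttributeTypeAndValue
        _, rs, rend = _tlv(rdn, 0)
        for _, atv in _children(rdn, rs, rend):
            _, a, b = _tlv(atv, 0)
            (_, oid), (_, value) = list(_children(atv, a, b))
            if oid[2:] == CN_OID:
                _, vs, ve = _tlv(value, 0)
                return value[vs:ve].decode("utf-8", "replace")
    return "<no CN>"

def load_pem_chain(text):
    return [base64.b64decode(m.group(1)) for m in PEM_RE.finditer(text)]

def check_chain_order(bundle_text, leaf_text=None):
    """Return a list of problems; empty means every cert is followed by its issuer.
    Names are compared as raw bytes, which can misfire only if a CA encoded the same
    name with different string types, so confirm any hit with openssl before reordering."""
    certs = load_pem_chain(leaf_text or "") + load_pem_chain(bundle_text)
    names = [issuer_and_subject(der) for der in certs]
    problems = []
    for i in range(len(names) - 1):
        issuer, next_subject = names[i][0], names[i + 1][1]
        if issuer != next_subject:
            problems.append(f"cert {i} ({common_name(names[i][1])}) was issued by "
                            f"{common_name(issuer)}, but cert {i + 1} is "
                            f"{common_name(next_subject)}")
    return problems

# --- constructed sample chain: structurally valid but unsigned, demo only ----------
def _der(tag, payload):
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload

def _name(cn):        # Name ::= SEQUENCE { SET { SEQUENCE { OID commonName, UTF8String } } }
    return _der(0x30, _der(0x31, _der(0x30, _der(0x06, CN_OID) + _der(0x0C, cn.encode()))))

def fake_cert_pem(subject, issuer):
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
               + _der(0x30, _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))
               + _name(issuer) + _der(0x30, b"") + _name(subject) + _der(0x30, b""))
    cert = _der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00"))
    b64 = base64.b64encode(cert).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

LEAF = fake_cert_pem("*.osgeo.org", "Example Intermediate CA")
INTERMEDIATE = fake_cert_pem("Example Intermediate CA", "Example Root CA")
ROOT = fake_cert_pem("Example Root CA", "Example Root CA")
GOOD_BUNDLE = INTERMEDIATE + ROOT          # leaf's issuer first, then that cert's issuer
BAD_BUNDLE = ROOT + INTERMEDIATE           # root first: the ordering suspected in the thread

if __name__ == "__main__":
    for label, bundle in (("good", GOOD_BUNDLE), ("bad", BAD_BUNDLE)):
        print(label, check_chain_order(bundle, LEAF) or "ok")
```
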

On Fri, Apr 29, 2016 at 08:37:37PM -0700, Alex Mandel wrote:

> Not sure if this is a + or - , Uber uses the cheaper DV for its
> website. No one has an opinion on this?

I do, but unfortunately the timing didn't match ....

I always use at least OV for the stuff I'm serious about, but several
customers go for DV simply because it's cheap and they don't care.
Your bank will certainly not rely on DV only, they almost always
will/should use EV instead.

Thus, if OSGeo can afford it, then I'd definitely vote for OV at
minimum. I have to admit it wasn't clear to me from the SSL.com page
that they were offering DV only for the given price.

And I'm willing to pursue the next certificate change.

Cheers,
  Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

On Fri, Apr 29, 2016 at 08:37:37PM -0700, Alex Mandel wrote:

> This needs to happen on:

LDAP - done

To me it looks like different and inconsistent variations from the
standard directory naming schema for SSL keys and certs are being used
on OSGeo infrastructure. I've found certificates in at least:

  /etc/ssl/certs/ # the default
  /etc/ssl/crt/
  /etc/ssl/osgeo/
  /etc/ssl/certs/osgeo/

.... while the private keys are in:

  /etc/ssl/private/ # default

I think we should either stick to the default or create a consistent
derivative like:

  /etc/ssl/osgeo/certs/
  /etc/ssl/osgeo/private/
  ....

We might even consider negotiating on fixed filenames so we don't need
to change every config file every time :wink:

Cheers,

  Martin.

Yes, the dirs are non-standard.
Why, to avoid confusion with the old cert, and not pile it in a
directory with a bunch of other defaults chain files from the OS.

I actually left the old cert in place, so it's easy to toggle between
different certs in case it didn't work right. Sure some cleanup should
happen. Probably after we settle this question about DV vs OV. I didn't
realize it was a DV cert either until after we bought it. Explains the
price difference. Though it's not clear that anyone actually cares since
you can't tell without inspecting the cert. Note to those suggesting
letsencrypt, that too would only be a DV cert.

Thanks,
Alex

On 05/01/2016 06:43 PM, Martin Spott wrote:

> [...]

On Mon, May 02, 2016 at 09:33:34AM -0400, Alex M wrote:

> Note to those suggesting
> letsencrypt, that too would only be a DV cert.

Am I reading it correctly that https://wikipedia.org
and https://fsf.org are also using a DV cert?

My browser reports (upon asking for more information):

"This website does not supply ownership information."

Which is the same I get on https://trac.osgeo.org/
with the new certs.

I'd add that "ownership information" can be retrieved
(for all the above domains) via the WHOIS database:

whois fsf.org | grep 'Registrant Organization'
whois wikipedia.org | grep 'Registrant Organization'
whois osgeo.org | grep 'Registrant Organization'

--strk;

On 05/02/2016 09:51 AM, Sandro Santilli wrote:

> [...]

It's not the Ownership info, it's the Organization (O) line, right after
the common name. That's the only difference I've found.

I'll also note, it's harder to hijack the account, since even when
logging in you basically can't do anything on Comodo (our old cert) and
I've been going back and forth with them about updating the contact
email address, which requires emailing from the current account to a
specific address on their side requesting the change.

Since we don't do any $ transactions, I can't really say if it's worth it
or not.

Thanks,
Alex

On Mon, May 02, 2016 at 09:57:48AM -0400, Alex M wrote:

> On 05/02/2016 09:51 AM, Sandro Santilli wrote:
>> On Mon, May 02, 2016 at 09:33:34AM -0400, Alex M wrote:
>>
>>> Note to those suggesting
>>> letsencrypt, that too would only be a DV cert.
>>
>> Am I reading it correctly that https://wikipedia.org
>> and https://fsf.org are also using a DV cert?
>>
>> My browser reports (upon asking for more information):
>>
>> "This website does not supply ownership information."
>
> It's not the Ownership info, it's the Organization (O) line, right after
> the common name. That's the only difference I've found.

My current browser (Iceweasel 38.7.0) doesn't show an Organization
line for the SSL certificate. The only difference I see between
the (say) paypal or wikipedia account is the "ownership information".

> I'll also note, it's harder to hijack the account, since even when
> logging in you basically can't do anything on Comodo (our old cert) and
> I've been going back and forth with them about updating the contact
> email address, which requires emailing from the current account to a
> specific address on their side requesting the change.
>
> Since we don't do any $ transactions, I can't really say if it's worth it
> or not.

I guess it depends on priorities and funds availability.
I'd like to see the disk space fixed, for example, and newer
machines to host newer services.

--strk;

On 05/02/2016 11:16 AM, Sandro Santilli wrote:

> [...]

This decision in no way impacts our ability to buy a new machine (next
year, we just bought one last year). As for disk space, we actually have
the space, just a technical thing that we need to allocate more where
it's needed.

We're also talking about ~$500 difference, but 2 additional years.
It would however incur a time cost, of dealing with the refund,
purchase, and installation of another cert.

Thanks,
Alex

Following the thread, it seems like DV solves the immediate problem.

Given the limited time and energy available to SAC, and the possibility of migrating to something like LetsEncrypt later, I’d be inclined to leave it at that, rather than burn those resources refunding and reworking the certificate.

— Harrison

On May 2, 2016 11:47:28 PM GMT+08:00, Alex M tech_dev@wildintellect.com wrote:

On 05/02/2016 11:16 AM, Sandro Santilli wrote:

> On Mon, May 02, 2016 at 09:57:48AM -0400, Alex M wrote:
> 
> > On 05/02/2016 09:51 AM, Sandro Santilli wrote:
> > 
> > > On Mon, May 02, 2016 at 09:33:34AM -0400, Alex M wrote:
> > > 
> > > > Note to those suggesting
> > > > letsencrypt, that too would only be a DV cert.
> > >
> > > Am I reading it correctly that https://wikipedia.org
> > > and https://fsf.org are also using a DV cert ?
> > >
> > > My browser reports (upon asking for more information):
> > >
> > > "This website does not supply ownership information."
> >
> > It's not the Ownership info, it's the Organization (O) line, right after
> > the common name. That's the only difference I've found.
>
> My current browser (Iceweasel 38.7.0) doesn't show an Organization
> line for the SSL certificate. The only difference I see between
> the (say) paypal or wikipedia account is the "ownership information".
>
> > I'll also note, it's harder to hijack the account, since even when
> > logging in you basically can't do anything on Comodo (our old cert) and
> > I've been going back and forth with them about updating the contact
> > email address, which requires emailing from the current account to a
> > specific address on their side requesting the change.
> >
> > Since we don't do any $ transactions, I can't really say if it's worth it
> > or not.
>
> I guess it depends on priorities and funds availability.
> I'd like to see the disk space fixed, for example, and newer
> machines to host newer services.

This decision in no way impacts our ability to buy a new machine (next
year, we just bought one last year). As for disk space, we actually have
the space, just a technical thing that we need to allocate more where
it's needed.

We're also talking about ~$500 difference, but 2 additional years.
It would however incur a time cost, of dealing with the refund,
purchase, and installation of another cert.

Thanks,
Alex

---

Sac mailing list
Sac@lists.osgeo.org
[http://lists.osgeo.org/mailman/listinfo/sac](http://lists.osgeo.org/mailman/listinfo/sac)


Sent from my Android device with K-9 Mail. Please excuse my brevity.

Probably not a certificate issue but Chrome in my Android tablet reports that the site (trac.osgeo.org) “uses an outdated encryption TLS 1.0”.

Ari

