Thanks for starting on this, Olaf. Andres Purtell is VP right now, but I don't think we need to deal with any of the commercial CAs, nor get INFRA, Ross or ASF budget into this. I'd recommend to use EFF "Let’s Encrypt" initiative [1] to get the SSL certificate for free and be done with it. Check [2] for more info
[1] https://letsencrypt.org/ [2] https://www.eff.org/deeplinks/2015/12/lets-encrypt-project-comes-fruition-2015-review I will comment on the INFRA ticket Cos On Tue, Feb 09, 2016 at 06:43PM, Olaf Flebbe wrote: > Hi > > I asked INFRA wether it is possible to get a SSL Certificate for our CI. > > This is in my opinion necessary to protect the credentials of the CI against > random hackers. (I accidentially used the CI on a open Wifi at FOSDEM, > oops). > > Please see INFRA-11187 .Point is that bigtop VP (cos?, rvs?) has to talk > with Apache President (currently Ross Gardler) about getting the cost of > this cert budgeted. > > Unsure how to proceed: > > Other possibilities could be that we find a sponsor for that. > > Other possibilities which comes in my mind now is using the free Let's > Encrypt! https://letsencrypt.org certificates . I do not know if we can use > it. > > Least possibility to use a private (snakeoil) certificate, at least the > traffic is crypted, but on the other side users get an ugly warning page. > > What do you think? > > Cheers, > Olaf
signature.asc
Description: Digital signature
