Would the person who setup the openib-windows Wiki or someone who is knowledgeable of the Wiki setup please contact me w.r.t. the Wiki being moved if it's not already at an OpenFabrics Alliance server. >From Jan's response this could be the case, hence a certificate refresh (aka $$ & email) is all that is needed?
Thanks Jan. Stan. PS: Jim this might cost you $$? Jan Bottorff wrote: > Hi, > > The SSL certificate used for wiki.openfabrics.org is basically bogus. > > 1) the embedded name is staging.openfabrics.org (to be correct it > needs to really match what's in the url), browsers check this so then > can authenticate who is at the other end of the url (this prevents dns > spoofing, which can make www.citibank.com actually send some people to > the ip address for hackers.areus.com) > > 2) the certificate expired 1/19/2007 > > 3) the certificate is self signed, not from a real certificate > authority (the thing that prevents hackers.areus.com from just self > signing a certificate that has www.citibank.com is browsers only > accept certificates that have a parent (or parents parent) that is > rooted in trusted certificates, unless you explicitly tell your > browser to trust a certificate > > The lowest cost real SSL certificates I know of are at godaddy.com. > The simplest one is $20/year (for a single site certificate like > wiki.openfabrics.org). If you want a wildcard certificate (i.e. > *.openfabrics.org) its $199/year. This validates in something like 98% > of browsers. The $500 Verisign certificates validate in like 99.9% of > browsers. > > The process to get a real SSL certificate basically is someone who has > appropriate access to the web server needs to generate a certificate > signing request (csr) with a private key. You keep the private key, > and you send the csr to the certificate authority (and perhaps tell > them which web server you use). They will validate your identity ($20 > doesn't get much validation, like that the owner of the domain has > your email address), sign the csr with a private key that has in it's > parent chain one of the roots sorted in web browsers, and send you > back the signed certificate. This certificate, along with the private > key which you carefully kept secret, needs to then be configured in > the web server and ssl works as intended. As I remember, the last > time I used a low cost godaddy.com certificate, I also had to add an > intermediate certificate in the chain to the web server, to be sent > along with the site certificate. This is because godaddy's > certificate is the child of a child of a validated root. The web > servers all know how to configure these intermediate certificates and > are not uncommon (like a big corporation would get a corporate > subroot signed by a validated root, to use in their corporate > certificate authority, which then signs the certificates of a > department, and ssl is happy). > > > Jan > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Smith, Stan > Sent: Monday, October 01, 2007 10:24 AM > To: [email protected] > Subject: [ofw] Resolution for missing header files in build > processdocumented @ openib-wiki FAQ > > > See https://wiki.openfabrics.org/tiki-index.php?page=Windows+FAQ > > BTW, does anyone know how to correct the problem with this website's > security certificate? > It's hard to maintain a semblance of credibility when we don't even > fix our own web page... > > Thanks, > > Stan. > _______________________________________________ > ofw mailing list > [email protected] > http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ofw _______________________________________________ ofw mailing list [email protected] http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ofw
