One more thought about the certificate: This certificate is needed since we are using https and not http. Is there any reason not to use http?
Thanks Tzachi > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Ryan, Jim > Sent: Tuesday, October 02, 2007 11:10 PM > To: Smith, Stan; [email protected] > Cc: [EMAIL PROTECTED] > Subject: [ofw] RE: openfabrics.org ssl certificate > > Money well spent > > -----Original Message----- > From: Smith, Stan > Sent: Tuesday, October 02, 2007 1:31 PM > To: [email protected] > Cc: Ryan, Jim; [EMAIL PROTECTED] > Subject: RE: openfabrics.org ssl certificate > > > Would the person who setup the openib-windows Wiki or someone who is > knowledgeable of the Wiki setup please contact me w.r.t. the > Wiki being > moved if it's not already at an OpenFabrics Alliance server. > >From Jan's response this could be the case, hence a > certificate refresh > (aka $$ & email) is all that is needed? > > Thanks Jan. > > Stan. > > PS: Jim this might cost you $$? > > > > Jan Bottorff wrote: > > Hi, > > > > The SSL certificate used for wiki.openfabrics.org is > basically bogus. > > > > 1) the embedded name is staging.openfabrics.org (to be correct it > > needs to really match what's in the url), browsers check > this so then > > can authenticate who is at the other end of the url (this > prevents dns > > spoofing, which can make www.citibank.com actually send > some people to > > the ip address for hackers.areus.com) > > > > 2) the certificate expired 1/19/2007 > > > > 3) the certificate is self signed, not from a real certificate > > authority (the thing that prevents hackers.areus.com from just self > > signing a certificate that has www.citibank.com is browsers only > > accept certificates that have a parent (or parents parent) that is > > rooted in trusted certificates, unless you explicitly tell your > > browser to trust a certificate > > > > The lowest cost real SSL certificates I know of are at godaddy.com. > > The simplest one is $20/year (for a single site certificate like > > wiki.openfabrics.org). If you want a wildcard certificate (i.e. > > *.openfabrics.org) its $199/year. This validates in > something like 98% > > of browsers. The $500 Verisign certificates validate in > like 99.9% of > > browsers. > > > > The process to get a real SSL certificate basically is > someone who has > > appropriate access to the web server needs to generate a certificate > > signing request (csr) with a private key. You keep the private key, > > and you send the csr to the certificate authority (and perhaps tell > > them which web server you use). They will validate your > identity ($20 > > doesn't get much validation, like that the owner of the domain has > > your email address), sign the csr with a private key that > has in it's > > parent chain one of the roots sorted in web browsers, and send you > > back the signed certificate. This certificate, along with > the private > > key which you carefully kept secret, needs to then be configured in > > the web server and ssl works as intended. As I remember, the last > > time I used a low cost godaddy.com certificate, I also had to add an > > intermediate certificate in the chain to the web server, to be sent > > along with the site certificate. This is because godaddy's > > certificate is the child of a child of a validated root. The web > > servers all know how to configure these intermediate > certificates and > > are not uncommon (like a big corporation would get a corporate > > subroot signed by a validated root, to use in their corporate > > certificate authority, which then signs the certificates of a > > department, and ssl is happy). > > > > > > Jan > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Smith, Stan > > Sent: Monday, October 01, 2007 10:24 AM > > To: [email protected] > > Subject: [ofw] Resolution for missing header files in build > > processdocumented @ openib-wiki FAQ > > > > > > See https://wiki.openfabrics.org/tiki-index.php?page=Windows+FAQ > > > > BTW, does anyone know how to correct the problem with this website's > > security certificate? > > It's hard to maintain a semblance of credibility when we don't even > > fix our own web page... > > > > Thanks, > > > > Stan. > > _______________________________________________ > > ofw mailing list > > [email protected] > > http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ofw > _______________________________________________ > ofw mailing list > [email protected] > http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ofw > _______________________________________________ ofw mailing list [email protected] http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ofw
