[wplug-internet] [#KDT-295-77649]: Re: SSL Certificate Renewal Notice:www.wplug.org

Pat Barron pat at lectroid.com
Sun Aug 30 17:13:34 EDT 2015


It's not quite as simple as that....

We're very much aware of where the certificate goes and how to configure 
HTTPS - the current certificate is actually there now.  If you go to any 
page on the wiki, you'll find that there is an HTTPS version of it as 
well.  This exists right now, we'd already had it set up for testing and 
to try to get HTTPS into production.

One issue is, the HTTPS versions of the pages aren't styled correctly.  
I suspect this is something in the Mediawiki settings. You can look at 
some pages using HTTPS to see what I mean.

Another issue is, if someone comes in on the HTTP version of the page 
and logs in, and we redirect them to HTTPS to log in, and then they flip 
back to HTTP to use the site - does the authentication cookie still work 
for them, or is it constrained to only be honored when using HTTPS?  
That may be somewhere in the Mediawiki settings, too.  If there's no way 
to make that happen (not setting the "Secure" flag on the cookie), then 
I guess we'd need to redirect all traffic to the wiki into HTTPS and 
declare HTTP on the wiki to be deprecated.

If you have any time to hack on stuff to advance our use of SSL on the 
wiki, these would be good places to start investigating.

--Pat.



On 08/30/2015 07:22 AM, John Lewis wrote:
> I figured out where to put it once we get it. We need it on at least 
> our login page, if not the entire wiki.
>
> On 08/29/2015 05:43 PM, Pat Barron wrote:
>> [ Removed Namecheap support from discussion ]
>>
>> Hi John,
>>
>> There is a previous wplug-internet thread on this topic:
>>
>> http://www.wplug.org/pipermail/wplug-internet/2015-August/000525.html
>>
>> The board has not approved any expenditure to renew this certificate 
>> (or even discussed it yet), but it's OK because this certificate is 
>> not in production, for anything, at this time.
>>
>> We should renew it whenever we're ready to actually do anything with 
>> it (or perhaps, if it's available by that time, get a free 
>> certificate from the Let's Encrypt project) - it's a domain-validated 
>> certificate, so issuance (and renewal) is pretty instantaneous.  Are 
>> you thinking you'll be in a position to need an SSL certificate 
>> signed by a "real" CA on the server in the next couple of weeks?  I 
>> remember you mentioning that you wanted to do some work on the 
>> membership portal soon...
>>
>> If you think you'll be in a position to be able to use it before next 
>> board meeting, I'll go ahead and renew it now, and ask the board to 
>> ratify the expenditure at the next meeting.  It's only $9.00/year, 
>> and worst case if the board wants to be difficult and not approve the 
>> expense, I suppose I can always donate the cost.  ;-)
>>
>> At that point, I'd just need to figure out if Namecheap can use the 
>> same CSR we sent them last time, or if we have to go through the 
>> whole process all over again (generating a new private key and CSR).
>>
>> --Pat.
>>
>>
>>
>> On 08/28/2015 08:00 AM, John Lewis wrote:
>>> I would like to get the renew for WPLUG, but I don't believe I have 
>>> access to the credit card. I can login to the account and check to 
>>> see what I can do to get the renew done because it has been approved 
>>> by the board which I am the vice-chair of, but I have to deal with 
>>> this around 4 PM today, because I have to get to work.
>>>
>>> On 08/28/2015 07:04 AM, Josip Gritsak wrote:
>>>> Hello John,
>>>>
>>>> Thank you for contacting us!
>>>>
>>>> Could you please specify what you mean in order for us to assist 
>>>> you to the best of our ability?
>>>>
>>>> Thank you for your understanding, we are looking forward to hearing 
>>>> from you.
>>>>
>>>> ----------------
>>>> Regards,
>>>> Josip Gritsak
>>>> Customer Support
>>>>
>>>> For more updates, please visit: http://status.namecheap.com/
>>>>
>>>> Ticket Details
>>>> ------------------------------------------------------------------------
>>>> Ticket ID: KDT-295-77649
>>>> Department: SSL Certificates -- Technical Support
>>>> Type: Issue
>>>> Status: Awaiting Client Response
>>>> Priority: High
>>>>
>>>> Helpdesk: https://support.namecheap.com/index.php?
>>>
>>>
>>>
>>> _______________________________________________
>>> wplug-internet mailing list
>>> wplug-internet at wplug.org
>>> http://www.wplug.org/mailman/listinfo/wplug-internet
>>
>>
>>
>> _______________________________________________
>> wplug-internet mailing list
>> wplug-internet at wplug.org
>> http://www.wplug.org/mailman/listinfo/wplug-internet
>
>
>
> _______________________________________________
> wplug-internet mailing list
> wplug-internet at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug-internet

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.wplug.org/pipermail/wplug-internet/attachments/20150830/52b72ef4/attachment.html>


More information about the wplug-internet mailing list