Even if we try to hold off for now, we're eventually going to need certificates for fedoraproject.org, preferably by a CA that is already recognized by the more common browsers. I would personally like to see us get a certificate for "fedoraproject.org" (no subdomain), make "www.fedoraproject.org" a CNAME to "fedoraproject.org", and put all content that we need under SSL within the "https://fedoraproject.org/"; namespace, using reverse proxies if necessary, and not on subdomains. People with a great deal of experience with DNS and SSL should understand my technical reasons for this, but it's also the cheaper way to go. -- Patrick "The N-Man" Barnes nman64@xxxxxxxxx http://www.n-man.com/ LinkedIn: http://www.linkedin.com/in/nman64 Have I been helpful? Rate my assistance! http://rate.affero.net/nman64/ --
--- Begin Message ---
- Subject: Re: [Fedora-sysadmin-list] ssl cert for admin.fedora.redhat.com
- From: Warren Togami <wtogami@xxxxxxxxxx>
- Date: Mon, 28 Aug 2006 13:08:07 -0400
- Cc:
- Delivered-to: n-man@xxxxxxxxx
- In-reply-to: <44F1F85C.8080307@xxxxxxxxxx>
- Reply-to: Fedora Administration and Infrastructure project <fedora-sysadmin-list@xxxxxxxxxx>
- User-agent: Thunderbird 1.5.0.5 (X11/20060803)
Warren Togami wrote:Matthew Galgoci wrote:All: I am going to purchase and install an authenticated ssl cert for admin.fedora.redhat.com so that we no longer get warnings about an invalid or self signed cert. I will post the fingerprint of the new key/cert once I have it.Hi Matthew, https://admin.fedoraproject.org/accounts/Thank you for getting this SSL cert, however I was a bit puzzled when it happened because AFAIK we had no discussion prior.https://admin.fedoraproject.org/accounts/The project as a whole is trying to use fedoraproject.org whenever possible in order to better promote the community/company partnership that is the Fedora Project.Should we standardize on admin.fedora.redhat.com for that particular service, or should we get an SSL cert for admin.fedoraproject.org too?Warren Togami wtogami@xxxxxxxxxxIn talking with Matthew Galgoci, he is not comfortable with being responsible for the SSL certs of fedoraproject.org because he does not control that DNS. We both feel that this decision should be made by FPB, and managed by the Board if we do decide to get our own SSL certs.Warren Togami wtogami@xxxxxxxxxx -- Fedora-sysadmin-list mailing list Fedora-sysadmin-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-sysadmin-list
--- End Message ---
Attachment:
pgpHpBd0rMfNf.pgp
Description: PGP signature
_______________________________________________ fedora-advisory-board mailing list fedora-advisory-board@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-advisory-board
_______________________________________________ fedora-advisory-board-readonly mailing list fedora-advisory-board-readonly@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-advisory-board-readonly
