[ofw] RE: openfabrics.org ssl certificate

Erez Cohen erezc at mellanox.co.il
Wed Oct 3 04:58:47 PDT 2007


Last I know Jeff Scott (jeff at splitrockpr.com) was the webmaster. He may
know. 

-----Original Message-----
From: ofw-bounces at lists.openfabrics.org
[mailto:ofw-bounces at lists.openfabrics.org] On Behalf Of Smith, Stan
Sent: Tuesday, October 02, 2007 10:31 PM
To: ofw at lists.openfabrics.org
Cc: jeff.c.becker at gmail.com
Subject: [ofw] RE: openfabrics.org ssl certificate


Would the person who setup the openib-windows Wiki or someone who is
knowledgeable of the Wiki setup please contact me w.r.t. the Wiki being
moved if it's not already at an OpenFabrics Alliance server.
>From Jan's response this could be the case, hence a certificate refresh
(aka $$ & email) is all that is needed?

Thanks Jan.

Stan.

PS: Jim this might cost you $$?



Jan Bottorff wrote:
> Hi,
> 
> The SSL certificate used for wiki.openfabrics.org is basically bogus.
> 
> 1) the embedded name is staging.openfabrics.org (to be correct it 
> needs to really match what's in the url), browsers check this so then 
> can authenticate who is at the other end of the url (this prevents dns

> spoofing, which can make www.citibank.com actually send some people to

> the ip address for hackers.areus.com)
> 
> 2) the certificate expired 1/19/2007
> 
> 3) the certificate is self signed, not from a real certificate 
> authority (the thing that prevents hackers.areus.com from just self 
> signing a certificate that has www.citibank.com is browsers only 
> accept certificates that have a parent (or parents parent) that is 
> rooted in trusted certificates, unless you explicitly tell your 
> browser to trust a certificate
> 
> The lowest cost real SSL certificates I know of are at godaddy.com.
> The simplest one is $20/year (for a single site certificate like 
> wiki.openfabrics.org). If you want a wildcard certificate (i.e.
> *.openfabrics.org) its $199/year. This validates in something like 98%

> of browsers. The $500 Verisign certificates validate in like 99.9% of 
> browsers.
> 
> The process to get a real SSL certificate basically is someone who has

> appropriate access to the web server needs to generate a certificate 
> signing request (csr) with a private key. You keep the private key, 
> and you send the csr to the certificate authority (and perhaps tell 
> them which web server you use). They will validate your identity ($20 
> doesn't get much validation, like that the owner of the domain has 
> your email address), sign the csr with a private key that has in it's 
> parent chain one of the roots sorted in web browsers, and send you 
> back the signed certificate. This certificate, along with the private 
> key which you carefully kept secret, needs to then be configured in 
> the web server and ssl works as intended. As I remember, the last time

> I used a low cost godaddy.com certificate, I also had to add an 
> intermediate certificate in the chain to the web server, to be sent 
> along with the site certificate. This is because godaddy's certificate

> is the child of a child of a validated root. The web servers all know 
> how to configure these intermediate certificates and are not uncommon 
> (like a big corporation would get a corporate subroot signed by a 
> validated root, to use in their corporate certificate authority, which

> then signs the certificates of a department, and ssl is happy).
> 
> 
> Jan
> 
> 
> -----Original Message-----
> From: ofw-bounces at lists.openfabrics.org 
> [mailto:ofw-bounces at lists.openfabrics.org] On Behalf Of Smith, Stan
> Sent: Monday, October 01, 2007 10:24 AM
> To: ofw at lists.openfabrics.org
> Subject: [ofw] Resolution for missing header files in build 
> processdocumented @ openib-wiki FAQ
> 
> 
> See https://wiki.openfabrics.org/tiki-index.php?page=Windows+FAQ
> 
> BTW, does anyone know how to correct the problem with this website's 
> security certificate?
> It's hard to maintain a semblance of credibility when we don't even 
> fix our own web page...
> 
> Thanks,
> 
> Stan.
> _______________________________________________
> ofw mailing list
> ofw at lists.openfabrics.org
> http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ofw
_______________________________________________
ofw mailing list
ofw at lists.openfabrics.org
http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ofw



More information about the ofw mailing list