[ofw] RE: openfabrics.org ssl certificate
Erez Cohen
erezc at mellanox.co.il
Wed Oct 3 04:58:47 PDT 2007
Last I know Jeff Scott (jeff at splitrockpr.com) was the webmaster. He may
know.
-----Original Message-----
From: ofw-bounces at lists.openfabrics.org
[mailto:ofw-bounces at lists.openfabrics.org] On Behalf Of Smith, Stan
Sent: Tuesday, October 02, 2007 10:31 PM
To: ofw at lists.openfabrics.org
Cc: jeff.c.becker at gmail.com
Subject: [ofw] RE: openfabrics.org ssl certificate
Would the person who setup the openib-windows Wiki or someone who is
knowledgeable of the Wiki setup please contact me w.r.t. the Wiki being
moved if it's not already at an OpenFabrics Alliance server.
>From Jan's response this could be the case, hence a certificate refresh
(aka $$ & email) is all that is needed?
Thanks Jan.
Stan.
PS: Jim this might cost you $$?
Jan Bottorff wrote:
> Hi,
>
> The SSL certificate used for wiki.openfabrics.org is basically bogus.
>
> 1) the embedded name is staging.openfabrics.org (to be correct it
> needs to really match what's in the url), browsers check this so then
> can authenticate who is at the other end of the url (this prevents dns
> spoofing, which can make www.citibank.com actually send some people to
> the ip address for hackers.areus.com)
>
> 2) the certificate expired 1/19/2007
>
> 3) the certificate is self signed, not from a real certificate
> authority (the thing that prevents hackers.areus.com from just self
> signing a certificate that has www.citibank.com is browsers only
> accept certificates that have a parent (or parents parent) that is
> rooted in trusted certificates, unless you explicitly tell your
> browser to trust a certificate
>
> The lowest cost real SSL certificates I know of are at godaddy.com.
> The simplest one is $20/year (for a single site certificate like
> wiki.openfabrics.org). If you want a wildcard certificate (i.e.
> *.openfabrics.org) its $199/year. This validates in something like 98%
> of browsers. The $500 Verisign certificates validate in like 99.9% of
> browsers.
>
> The process to get a real SSL certificate basically is someone who has
> appropriate access to the web server needs to generate a certificate
> signing request (csr) with a private key. You keep the private key,
> and you send the csr to the certificate authority (and perhaps tell
> them which web server you use). They will validate your identity ($20
> doesn't get much validation, like that the owner of the domain has
> your email address), sign the csr with a private key that has in it's
> parent chain one of the roots sorted in web browsers, and send you
> back the signed certificate. This certificate, along with the private
> key which you carefully kept secret, needs to then be configured in
> the web server and ssl works as intended. As I remember, the last time
> I used a low cost godaddy.com certificate, I also had to add an
> intermediate certificate in the chain to the web server, to be sent
> along with the site certificate. This is because godaddy's certificate
> is the child of a child of a validated root. The web servers all know
> how to configure these intermediate certificates and are not uncommon
> (like a big corporation would get a corporate subroot signed by a
> validated root, to use in their corporate certificate authority, which
> then signs the certificates of a department, and ssl is happy).
>
>
> Jan
>
>
> -----Original Message-----
> From: ofw-bounces at lists.openfabrics.org
> [mailto:ofw-bounces at lists.openfabrics.org] On Behalf Of Smith, Stan
> Sent: Monday, October 01, 2007 10:24 AM
> To: ofw at lists.openfabrics.org
> Subject: [ofw] Resolution for missing header files in build
> processdocumented @ openib-wiki FAQ
>
>
> See https://wiki.openfabrics.org/tiki-index.php?page=Windows+FAQ
>
> BTW, does anyone know how to correct the problem with this website's
> security certificate?
> It's hard to maintain a semblance of credibility when we don't even
> fix our own web page...
>
> Thanks,
>
> Stan.
> _______________________________________________
> ofw mailing list
> ofw at lists.openfabrics.org
> http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ofw
_______________________________________________
ofw mailing list
ofw at lists.openfabrics.org
http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ofw
More information about the ofw
mailing list