[ofw] RE: openfabrics.org ssl certificate

Tzachi Dar tzachid at mellanox.co.il
Sun Oct 7 02:19:23 PDT 2007 

One more thought about the certificate:
This certificate is needed since we are using https and not http.
Is there any reason not to use http?

Thanks
Tzachi 

> -----Original Message-----
> From: ofw-bounces at lists.openfabrics.org 
> [mailto:ofw-bounces at lists.openfabrics.org] On Behalf Of Ryan, Jim
> Sent: Tuesday, October 02, 2007 11:10 PM
> To: Smith, Stan; ofw at lists.openfabrics.org
> Cc: jeff.c.becker at gmail.com
> Subject: [ofw] RE: openfabrics.org ssl certificate
> 
> Money well spent
> 
> -----Original Message-----
> From: Smith, Stan
> Sent: Tuesday, October 02, 2007 1:31 PM
> To: ofw at lists.openfabrics.org
> Cc: Ryan, Jim; jeff.c.becker at gmail.com
> Subject: RE: openfabrics.org ssl certificate
> 
> 
> Would the person who setup the openib-windows Wiki or someone who is
> knowledgeable of the Wiki setup please contact me w.r.t. the 
> Wiki being
> moved if it's not already at an OpenFabrics Alliance server.
> >From Jan's response this could be the case, hence a 
> certificate refresh
> (aka $$ & email) is all that is needed?
> 
> Thanks Jan.
> 
> Stan.
> 
> PS: Jim this might cost you $$?
> 
> 
> 
> Jan Bottorff wrote:
> > Hi,
> > 
> > The SSL certificate used for wiki.openfabrics.org is 
> basically bogus.
> > 
> > 1) the embedded name is staging.openfabrics.org (to be correct it
> > needs to really match what's in the url), browsers check 
> this so then
> > can authenticate who is at the other end of the url (this 
> prevents dns
> > spoofing, which can make www.citibank.com actually send 
> some people to
> > the ip address for hackers.areus.com)
> > 
> > 2) the certificate expired 1/19/2007
> > 
> > 3) the certificate is self signed, not from a real certificate
> > authority (the thing that prevents hackers.areus.com from just self
> > signing a certificate that has www.citibank.com is browsers only
> > accept certificates that have a parent (or parents parent) that is
> > rooted in trusted certificates, unless you explicitly tell your
> > browser to trust a certificate
> > 
> > The lowest cost real SSL certificates I know of are at godaddy.com.
> > The simplest one is $20/year (for a single site certificate like
> > wiki.openfabrics.org). If you want a wildcard certificate (i.e.
> > *.openfabrics.org) its $199/year. This validates in 
> something like 98%
> > of browsers. The $500 Verisign certificates validate in 
> like 99.9% of
> > browsers.
> > 
> > The process to get a real SSL certificate basically is 
> someone who has
> > appropriate access to the web server needs to generate a certificate
> > signing request (csr) with a private key. You keep the private key,
> > and you send the csr to the certificate authority (and perhaps tell
> > them which web server you use). They will validate your 
> identity ($20
> > doesn't get much validation, like that the owner of the domain has
> > your email address), sign the csr with a private key that 
> has in it's
> > parent chain one of the roots sorted in web browsers, and send you
> > back the signed certificate. This certificate, along with 
> the private
> > key which you carefully kept secret, needs to then be configured in
> > the web server and ssl works as intended. As I remember, the last
> > time I used a low cost godaddy.com certificate, I also had to add an
> > intermediate certificate in the chain to the web server, to be sent
> > along with the site certificate. This is because godaddy's
> > certificate is the child of a child of a validated root. The web
> > servers all know how to configure these intermediate 
> certificates and
> > are not uncommon (like a big corporation would get a corporate
> > subroot signed by a validated root, to use in their corporate
> > certificate authority, which then signs the certificates of a
> > department, and ssl is happy). 
> > 
> > 
> > Jan
> > 
> > 
> > -----Original Message-----
> > From: ofw-bounces at lists.openfabrics.org
> > [mailto:ofw-bounces at lists.openfabrics.org] On Behalf Of Smith, Stan
> > Sent: Monday, October 01, 2007 10:24 AM
> > To: ofw at lists.openfabrics.org
> > Subject: [ofw] Resolution for missing header files in build
> > processdocumented @ openib-wiki FAQ
> > 
> > 
> > See https://wiki.openfabrics.org/tiki-index.php?page=Windows+FAQ
> > 
> > BTW, does anyone know how to correct the problem with this website's
> > security certificate?
> > It's hard to maintain a semblance of credibility when we don't even
> > fix our own web page...
> > 
> > Thanks,
> > 
> > Stan.
> > _______________________________________________
> > ofw mailing list
> > ofw at lists.openfabrics.org
> > http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ofw
> _______________________________________________
> ofw mailing list
> ofw at lists.openfabrics.org
> http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ofw
>

More information about the ofw mailing list