Is the web server's private key, used to generate the CSR, also needed? If so, perhaps IU cannot share that.
On Sat, Jul 30, 2016 at 11:09 PM, Gilles Gouaillardet <gilles.gouaillar...@gmail.com> wrote: > Jeff, > > if my understanding is correct, https requires open-mpi.org is the only > (httpd) domain served on port 443 for a given IP (e.g. no shared hosting) > a certificate is based on host name (e.g. www.open-mpi.org) and can > contains wildcards (e.g. *.open-mpi.org) > so if the first condition is met, then you should be able to reuse the > certificate that was previously used at UI. > > makes sense ? > > Cheers, > > Gilles > > On Sunday, July 31, 2016, Jeff Squyres (jsquyres) <jsquy...@cisco.com> > wrote: >> >> I knew about letsencrypt (it's sponsored by my own company, Cisco -- >> huzzah!). But I (apparently foolishly) didn't think SSL was important, and >> didn't want to bother with figuring out how to do all the SSL-sysadmin-ish >> things. :-) >> >> I just poked around with letsencrypt.org; it looks actually pretty simple >> (even on a hosted site where we have limited ssh access to the web server >> itself -- I used https://github.com/Neilpang/acme.sh and it worked like a >> champ). >> >> PSA: If you have an http web site, you should go look at letsencrypt.org. >> >> I'll look at getting www.open-mpi.org back to https shortly. >> >> >> >> >> > On Jul 30, 2016, at 12:51 PM, Craig Inches <open...@xayto.net> wrote: >> > >> > There is a free service for certificates, two that I know of infact. >> > >> > https://www.startssl.com/ and https://letsencrypt.org/ >> > >> > Startssl is more your tradition cert request process and lets encrypt is >> > a project for automated free certificates but if sysadmin'ing is not your >> > primary thing then I would say go with Start! I use them for all my sites. >> > >> > Also Durga, the SSL is at a preceding step to the redirect, it is >> > confirmed before establishing the http connection. >> > >> > Cheers, Craig >> > >> > On Sat, Jul 30, 2016 at 12:39:23PM -0400, dpchoudh . wrote: >> > >> > Hi Jeff and all Disclaimer: I know next to nothing about how the web >> > works. Having said that, would it not be possible to redirect an https >> > request to a http request? I believe apache mod-rewrite can do it. Or does >> > this certificate check happens even before the rewrite? Regards Durga >> > >> > The woods are lovely, dark and deep; but I have promises to keep. And >> > kilometers to go before I sleep; and kilometers to go before I sleep. On >> > Sat, Jul 30, 2016 at 12:31 PM, Jeff Squyres (jsquyres) >> > <[1]jsquy...@cisco.com> wrote: >> > >> > Meh. That's a good point. We might have to pony up the cost for >> > the certificates, then. :-( >> > (Indiana University provided all this stuff to us for free; now that >> > the community has to pay for our own hosting, the funding has to >> > come from some where). >> > Please bear with us -- all this sysadmin/infrastructure stuff is >> > completely unrelated to do with our real jobs (i.e., software >> > development of Open MPI); we're doing all this migration work on >> > nights, weekends, and sometimes while waiting for lengthy >> > compiles. We didn't think of the Google-will-have-https-links >> > issue. :-\ >> > > On Jul 30, 2016, at 12:27 PM, Bennet Fauber <[2]ben...@umich.edu> >> > wrote: >> > > >> > > Thanks, Jeff, >> > > >> > > Just to note, though, many, many links in Google searches will >> > have >> > > the https address. >> > > >> > > -- bennet >> > > >> > > >> > > On Sat, Jul 30, 2016 at 12:21 PM, Jeff Squyres (jsquyres) >> > > <[3]jsquy...@cisco.com> wrote: >> > >> Hmm. Sorry about this; we just moved the web site from Indiana >> > University to Host Gator (per >> > [4]http://www.open-mpi.org/community/lists/devel/2016/06/19139.php). >> > >> >> > >> I thought I had disabled https for the web site last night when I >> > did the move -- I'll have to check into this. >> > >> >> > >> For the meantime, please just use [5]http://www.open-mpi.org/. >> > >> >> > >> >> > >> >> > >>> On Jul 30, 2016, at 11:25 AM, Bennet Fauber >> > <[6]ben...@umich.edu> wrote: >> > >>> >> > >>> I am getting a certificate error from >> > [7]https://www.open-mpi.org/ >> > >>> >> > >>> The owner of [8]www.open-mpi.org has configured their website >> > improperly. >> > >>> To protect your information from being stolen, Firefox has not >> > >>> connected to this website. >> > >>> >> > >>> and if I go to advanced and ask about the certificate, it says >> > >>> >> > >>> The certificate is only valid for the following names: >> > >>> *.[9]hostgator.com, [10]hostgator.com >> > >>> >> > >>> >> > >>> Is this something I have done to myself? >> > >>> _______________________________________________ >> > >>> users mailing list >> > >>> [11]users@lists.open-mpi.org >> > >>> [12]https://rfd.newmexicoconsortium.org/mailman/listinfo/users >> > >> >> > >> >> > >> -- >> > >> Jeff Squyres >> > >> [13]jsquy...@cisco.com >> > >> For corporate legal information go to: >> > [14]http://www.cisco.com/web/about/doing_business/legal/cri/ >> > >> >> > >> _______________________________________________ >> > >> users mailing list >> > >> [15]users@lists.open-mpi.org >> > >> [16]https://rfd.newmexicoconsortium.org/mailman/listinfo/users >> > > _______________________________________________ >> > > users mailing list >> > > [17]users@lists.open-mpi.org >> > > [18]https://rfd.newmexicoconsortium.org/mailman/listinfo/users >> > -- >> > Jeff Squyres >> > [19]jsquy...@cisco.com >> > For corporate legal information go to: >> > [20]http://www.cisco.com/web/about/doing_business/legal/cri/ >> > _______________________________________________ >> > users mailing list >> > [21]users@lists.open-mpi.org >> > [22]https://rfd.newmexicoconsortium.org/mailman/listinfo/users >> > >> > References >> > • jsquy...@cisco.com >> > >> > • ben...@umich.edu >> > >> > • jsquy...@cisco.com >> > >> > • http://www.open-mpi.org/community/lists/devel/2016/06/19139.php >> > >> > • http://www.open-mpi.org/ >> > >> > • ben...@umich.edu >> > >> > • https://www.open-mpi.org/ >> > >> > • http://www.open-mpi.org/ >> > >> > • http://hostgator.com/ >> > >> > • http://hostgator.com/ >> > >> > • users@lists.open-mpi.org >> > >> > • >> > https://rfd.newmexicoconsortium.org/mailman/listinfo/users >> > >> > • jsquy...@cisco.com >> > >> > • http://www.cisco.com/web/about/doing_business/legal/cri/ >> > >> > • users@lists.open-mpi.org >> > >> > • >> > https://rfd.newmexicoconsortium.org/mailman/listinfo/users >> > >> > • users@lists.open-mpi.org >> > >> > • >> > https://rfd.newmexicoconsortium.org/mailman/listinfo/users >> > >> > • jsquy...@cisco.com >> > >> > • http://www.cisco.com/web/about/doing_business/legal/cri/ >> > >> > • users@lists.open-mpi.org >> > >> > • >> > https://rfd.newmexicoconsortium.org/mailman/listinfo/users >> > >> > _______________________________________________ >> > users mailing list >> > users@lists.open-mpi.org >> > https://rfd.newmexicoconsortium.org/mailman/listinfo/users >> > >> > >> > _______________________________________________ >> > users mailing list >> > users@lists.open-mpi.org >> > https://rfd.newmexicoconsortium.org/mailman/listinfo/users >> >> >> -- >> Jeff Squyres >> jsquy...@cisco.com >> For corporate legal information go to: >> http://www.cisco.com/web/about/doing_business/legal/cri/ >> >> _______________________________________________ >> users mailing list >> users@lists.open-mpi.org >> https://rfd.newmexicoconsortium.org/mailman/listinfo/users > > > _______________________________________________ > users mailing list > users@lists.open-mpi.org > https://rfd.newmexicoconsortium.org/mailman/listinfo/users _______________________________________________ users mailing list users@lists.open-mpi.org https://rfd.newmexicoconsortium.org/mailman/listinfo/users
