Bug #357
closedhttps://documentliberation.org/ contains an 'invalid' SSl certificate
0%
Description
https://documentliberation.org/ uses the libreoffice.org certificate and thus the browser pops up a warning about an invalid certificate.
Files
Updated by Alexander Werner almost 10 years ago
- Project changed from Infrastructure to 35
- Category changed from Webserver to 31
Updated by Florian Effenberger almost 10 years ago
- Project changed from 35 to Infrastructure
- Category deleted (
31) - Status changed from New to Feedback
Dennis, is there any need for such a certificate? Only the site maintainers need it, and they can click away the warning message, so we don't have to bother with managing another certificate :-)
Updated by Florian Effenberger almost 10 years ago
- Priority changed from High to Normal
Updated by Dennis Roczek almost 10 years ago
Well, when I go to the domain, my Opera browser (and likely other web browsers) do pop up with a warning. It depends on you/the foundation if the foundation wants to handle another certificate or living with a warning for the web user.
At least it doesn't look right / not professional when surfing to an homepage with an invalid certificate. (other than outdated)
At least don't take the libreoffice certificate, use the documentfoundation certificate as this is actually a TDF page.
(and now some PR and evil stuff: does the TDF stand 100% behind the second project DLP or was that only "yet another project" under an umbrella organization to get pushed by a foundation name? g )
Updated by Dennis Roczek almost 10 years ago
btw: what does mean "only site maintainer" need the page? You mean (in general) developers? Otherwise this homepage doesn't make any sense as the content would have been able to be pushed to any wiki or whatever...
Updated by Florian Effenberger almost 10 years ago
My concern is that with our ~90 domains in use right now, we would have
to maintain 90 certificates - each of them sucking quite some chunk of
time. If you forcedly open a page via HTTPS when only HTTP is supported,
you can experience all other sort of weird things - often, with big
ISPs, HTTPS delivers something totally different then.
Is this Opera's default behaviour or did you reconfigure it?
Updated by Dennis Roczek almost 10 years ago
- File 2014-05-15 17_15_18-Zertifikatfehler_ Navigation wurde geblockt - Internet Explorer.png 2014-05-15 17_15_18-Zertifikatfehler_ Navigation wurde geblockt - Internet Explorer.png added
well, I have reconfigured Opera in many ways, but not in that part.
but, well I'm still using Opera 12 (no real update since ~1.5 years as Opera Software has dropped the Presto engine).
Attached image of IE11 with standard config - so not only Opera's behavior!
Updated by Florian Effenberger almost 10 years ago
Does IE open HTTPS automatically?
If I go to www.documentliberation.org it stays HTTP for me...
Updated by Dennis Roczek almost 10 years ago
Florian Effenberger wrote:
Does IE open HTTPS automatically?
If I go to www.documentliberation.org it stays HTTP for me...
oh well. only typing www.documentliberation.org or documentliberation.org both go to http://www.documentliberation.org/ --> that is handtyped...
Updated by Florian Effenberger almost 10 years ago
Looking forward to some other people's thoughts here - I'd like to avoid
creating ~90 SSL certificates just because a browser might redirect to
an unsupported URL :(
Updated by Dennis Roczek almost 10 years ago
Florian Effenberger wrote:
Looking forward to some other people's thoughts here - I'd like to avoid
creating ~90 SSL certificates just because a browser might redirect to
an unsupported URL :(
how about to get an multi-URL/TLD certificated for the foundation?
Updated by Dennis Roczek almost 10 years ago
Florian Effenberger wrote:
Looking forward to some other people's thoughts here - I'd like to avoid
creating ~90 SSL certificates just because a browser might redirect to
an unsupported URL :(
btw: 90 urls?
lo.de
lo.us
lo.net etc?
Updated by Florian Effenberger almost 10 years ago
We have about 90 domain names
If someone opens https://www.libreoffice.de, the same problem occurs
So we would have to consider all 90 domain names
We can create a multi-cert for them, but that requires the same amount
of work, as each of those domain names would have to be validated manually
Thus my standpoint: Opening the page with HTTPS is unsupported behaviour
But that's just my opinion, other thoughts welcome
Updated by Christian Lohmaier almost 10 years ago
for documentliberation.org project specifically (or silverstripe managed subsites in general), we can tell admins to login via https://www.libreoffice.org/admin instead and then disable https on the documentliberation.org host completely.
This would require creating some custom nginx server entry for documentliberation.org, but apart from that would solve the problem.
(and as to automatically visiting https: there are browser plugins/extensions that enforce this, but people using those usually have understanding about it an know how to parse a certificate validation error message :-))
Updated by Dennis Roczek almost 10 years ago
- Status changed from Feedback to Rejected
well after reading this discussion again and realizing that this is unmanageable, I would say it is closed as REJECTED / WONTFIX.