If I want to use b.fd.o I have to click through a few strongly-worded warning screens to do so -- not cool. (I've set up a temporary exception for now, definitely not adding a permanent exception given that I don't use this bugzilla all that much and would rather not grant carte blanche to a cert signed by a CA Mozilla doesn't trust yet.) You should use a certificate signed by a CA that 80-90% of the browsing world will recognize, rather than one that Apple (via Safari), Microsoft (via IE7), and Mozilla (via Firefox), at a minimum, will not accept. That's just desensitizing users to blindly accept a certificate that, in an inauspicious environment with active MITM happening, might not even be this site's certificate.
It's a cost thing. fd.o is predominately a volunteer organisation. If your willing to pay for the certificate then we're happy to fulfill your request.
(In reply to comment #1) > It's a cost thing. fd.o is predominately a volunteer organisation. If your > willing to pay for the certificate then we're happy to fulfill your request. There's actually several ways to get valid SSL certificates for free... * GoDaddy gives open source projects *free* SSL certificates (https://www.godaddy.com/gdshop/ssl/ssl_opensource.asp). * StartSSL (https://www.startssl.com) has fully valid *free* SSL certificates that work in most browsers (not IE). Both of the above options are better than the current usage of CAcert.org, which is not trusted by any major browser, so I'm reopening this bug.
Wow, didn't know about the godaddy offer. The startssl.com doesn't appear to work with Chrome though. I'll certainly look into the godaddy offer though. Thanks!
Any progress on this?
(In reply to comment #1) > It's a cost thing. fd.o is predominately a volunteer organisation. If your > willing to pay for the certificate then we're happy to fulfill your request. The X.Org Foundation is willing to pay for it - we've been talking about it with Keith Packard for the last week or so.
Ok, so I'm happy to install the crt if someone buys it as I don't have details/access to buy one.
Hi Folks has there been advances on the SSL certificate for bugzilla? Digicert seems to have some at reasonable rates: http://www.digicert.com/welcome/ssl-plus.htm
Not only Firefox, but Chrome also tries everything to prevent you from accessing f.d.o. bugzilla, with HUGE WARNINGS COVERED IN BLOOD (complete with the red pirate head insigna). This needs to be fixed. Godaddy gives em for free for you, and you've been talking about it for a week back in october. What's holding this back now?
CC
*** Bug 30863 has been marked as a duplicate of this bug. ***
I tried the godaddy route but despite repeated email, they kept requesting information how the fd.o uses an open source repository. They couldn't understand that fd.o is the open source repository. Simply put because we're not part of sf.net the didnt list us as an open source project. Hence buying the certificate makes the most sense. We just need one of the fd.o board members to ok and tell the sysadmins how we can go about purchasing the certificate.
*** Bug 31750 has been marked as a duplicate of this bug. ***
Even when the certs are installed: http://www.cacert.org/index.php?id=3 per http://wiki.cacert.org/BrowserClients still had issues today. Cleared & reinstalled the certs & lo & behold: ==== bugs.freedesktop.org uses an invalid security certificate. The certificate expired on 11/19/2010 08:23 PM. (Error code: sec_error_expired_certificate) ==== Not valid after: 11/19/2010 20:23:04 (11/20/2010 04:23:04 GMT) Note: had to add a temporary exception to post to this bug report.
I've found when installing you certificates you need to kick apache with a restart, a graceful won't do it. apache2ctl restart On 22/11/10 06:19, bugzilla-daemon@freedesktop.org wrote: > https://bugs.freedesktop.org/show_bug.cgi?id=20250 > > NoOp<glgxg@sbcglobal.net> changed: > > What |Removed |Added > ---------------------------------------------------------------------------- > CC| |glgxg@sbcglobal.net > > --- Comment #13 from NoOp<glgxg@sbcglobal.net> 2010-11-21 11:49:32 PST --- > Even when the certs are installed: > http://www.cacert.org/index.php?id=3 > per > http://wiki.cacert.org/BrowserClients > still had issues today. > > Cleared& reinstalled the certs& lo& behold: > ==== > bugs.freedesktop.org uses an invalid security certificate. > > The certificate expired on 11/19/2010 08:23 PM. > > (Error code: sec_error_expired_certificate) > ==== > Not valid after: > 11/19/2010 20:23:04 > (11/20/2010 04:23:04 GMT) > > Note: had to add a temporary exception to post to this bug report. >
Say what? What has apache to do with the bugs.freedesktop.org cert expiring? Not valid after: 11/19/2010 20:23:04 (11/20/2010 04:23:04 GMT) You *did* look at the cert before making that comment... right?
<sigh> My mistake, I took it you had reinstalled the certificate on the server not on the client. I've upgraded the cacert certificate so it's at least not expired. The CA is still invalid as FF/IE don't recognise cacert as a CA. Hence you'll still get a warning but the certificate won't be out of date. I would be really nice to resolve this by the fd.o foundation letting us know how we could proceed with the purchase of a certificate.
*** Bug 30465 has been marked as a duplicate of this bug. ***
On 11/21/2010 09:27 PM, bugzilla-daemon@freedesktop.org wrote: ... > I've upgraded the cacert certificate so it's at least not expired. The CA is > still invalid as FF/IE don't recognise cacert as a CA. Hence you'll still get a > warning but the certificate won't be out of date. ... Thanks. Actually, using the instructions in http://wiki.cacert.org/BrowserClients works for me (SeaMonkey 2.0.10 linux) as long as the cert is not out of date. I used the instructions for Mozilla Firefox on that page.
(In reply to comment #16) > <sigh> My mistake, I took it you had reinstalled the certificate on the server > not on the client. > > I've upgraded the cacert certificate so it's at least not expired. The CA is > still invalid as FF/IE don't recognise cacert as a CA. Hence you'll still get a > warning but the certificate won't be out of date. > > I would be really nice to resolve this by the fd.o foundation letting us know > how we could proceed with the purchase of a certificate. Note that there are some widely accepted CA's that will give open source projects certificates for free.... I forget which ones off hand, but google is your friend.
... or just get a free StartCom SSL certificate? :) https://www.startssl.com/ Why don't you try that out? It's actually supported by a good number of browsers (much better than CAcert).
At this point, Startcom claims to have support from Chrome, Android, iPhone, and anything else I could think of offhand. Alternatively, Thawte will give free certificates to FOSS projects; I've gone through that process and it proved fairly straightforward.
Well the starcom method ended up with a failed registration and no way to be able to reissue the 'certificate' they need to authenticate. Time to try Thawte
As a follow up and to finally close this bug, Eddy Nigg from StartCom contacted me after noticing I had some issues with the account creation process. After a quick interplay of email we sorted things out and hence now Bug.fd.o is officially ssl enabled with the free key from StartCom. Many thanks to Eddy for helping resolve the issue and to StartCom for the certificate!
I suppose I should file a new bug, but since this is related to the new StartCom cert: Perhaps you can get Florian and/or Eddy to update all the certs to include libreoffice.org? Clicking on Installation etc., brings up: ==== www.libreoffice.org uses an invalid security certificate. The certificate is only valid for the following names: *.documentfoundation.org , documentfoundation.org (Error code: ssl_error_bad_cert_domain) ==== And examining the cert shows that it is only valid for documentfoundation.org.
Ok, I'm fairly certain we can a certificate for libreoffice.org but who does the hosting? Non-authoritative answer: Name: www.libreoffice.org Address: 88.198.53.251 This doesn't appear to be a fd.o or x.org machine.
My apologies. I was having issues with https://www.libreoffice.org/download defaulting to the *.documentfoundation.org certificate rather than the StartCom *.libreoffice.org cert. Found out that the cert from StartCom is using sni & my browser client was set for ssl2 true. Reset to ssl2 false and it now works.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.