ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Boudnik <...@apache.org>
Subject Re: SSL certificate for the CI server
Date Fri, 21 Jul 2017 20:02:57 GMT
I have never heard about this provider, and it is great they are donating
their resources to the FOSS. I quick glance on their site has reveiled a
couple of issues:
- the page for the "Standard Agreement" returns 404 [1]. I won't be willing to
  agree to something I cannot read upfront.
- the process seems to be manual.

The reason I like [2] is because it's backed by EFF and has a huge user base
(over 100 millions certificates to date) [3]

The process has been debugged already for other Apache projects, so I don't
really see why we need to go to someone else?

[1] https://www.globalsign.com/en/repository/globalsign-subscriber-agreement-digital-certificates-and-services.pdf
[2] https://letsencrypt.org/
[3] https://www.eff.org/deeplinks/2017/06/lets-encrypt-has-issued-100-million-certificates

Thanks,
  Cos

On Wed, Jul 19, 2017 at 09:41PM, Aleksey Chetaev wrote:
> Hi,
> 
> A know GlobalSing support open source projects for
> free(https://www.globalsign.com/en/ssl/ssl-open-source/).
> We can request certificates from them, it will be more easy for me. Any
> objection?
> 
> 
> Denis Magda-2 wrote
> > Hi Cos,
> > 
> > Alexey Chetaev, please join the conversation and share your thoughts on
> > this.
> > 
> > —
> > Denis
> > 
> >> On Jul 19, 2017, at 9:44 AM, Konstantin Boudnik &lt;
> 
> > cos@
> 
> > &gt; wrote:
> >> 
> >> Hey guys.
> >> 
> >> I've noticed that https://ci.ignite.apache.org/ has two issues:
> >> - it has the invalid certificate
> >> - the CI server isn't responding on the https port (there's only ngnix)
> >> 
> >> I don't about the rest of the group here, but all my browsers are
> >> enforcing
> >> HTTPS connections for the obvious reasons. I have to add an exception
> >> for the CI server to get in, which is a minor inconvenience compared to
> >> the
> >> security risks. I suggest we fix both issues. 
> >> 1. Getting a valid certificate is easy and doesn't cost a dime nowadays.
> >>   Here's the very details set of instructions on how we do it for Apache
> >>   Bigtop. They are easily applicable in Ignite CI's case [1]. I'd be
> >> happy to
> >>   help with this.
> >> 2. Reconfiguring the server to respond only on HTTPS port. That's another
> >> easy
> >>   thing to do for anyone with the access to the box. I don't have this,
> >> so
> >>   it'd be someone else.
> >> 
> >> Thoughts?
> >>  Cos
> >> 
> >> [1]
> >> https://cwiki.apache.org/confluence/display/BIGTOP/Bigtop+CI+Setup+Guide#BigtopCISetupGuide-Advancedpart:SetupaSSLsecuredJenkinsmaster
> >>
> 
> 
> 
> 
> 
> --
> View this message in context: http://apache-ignite-developers.2346864.n4.nabble.com/SSL-certificate-for-the-CI-server-tp19830p19840.html
> Sent from the Apache Ignite Developers mailing list archive at Nabble.com.

Mime
View raw message