Mailinglist Archive: opensuse-web (101 mails)

< Previous Next >
Re: [opensuse-web] openSUSE Certificate Renewal
Thomas Schmidt <tom@xxxxxxxxxxxx> 12/9/2011 3:23 AM >>>
On 08.12.2011 17:00, Matthew Ehle wrote:
Hello,
I am putting together a budget for certificates next year, and I would like
to know about ALL of the
openSUSE sites that require SSL. Basically,
I am trying to determine if we should get a wildcard or a SAN certificate,
and the number of
domains that need SSL is a big factor in that.
Since the login for the wikis, blogs, and forums happens through a central
location now, they no
longer need certificates. I think build and api
might still need them. I'm not sure about the others.
Thank you,
Matt

Hi Matt, these sites currently use ssl:
features.opensuse.org
build.opensuse.org
retro.opensuse.org
connect.opensuse.org
static.opensuse.org
beans.opensuse.org

Good, it looks like that certificate renewal timeline is in line with all the
other certs I need to take care of. This number of sites is just enough to
justify going with a wildcard certificate. In late January, please send me
CSRs for these sites, and I'll send you back a 3 year certificate. By the way,
DigiCert allows for unlimited duplicates, so send me as few or as many CSRs as
you want.

Not all of them running behind ichain/access manager.

We may want to consider getting them all behind Access Manager. It's up to the
admins for those other sites whether the extra features are worth it, but
Access Manager has a lot to offer. The big differences between the custom SSO
for the above sites and Novell Access Manager are:

SAML/Liberty federation
Acceleration (caching)
SSO with the blogs, wikis, and forums (as well as suse.com and novell.com)

The list goes much longer than that, but I think the above would be the most
interesting for what those sites would want or need.
< Previous Next >