[opensuse-web] openSUSE Certificate Renewal
Hello, I am putting together a budget for certificates next year, and I would like to know about ALL of the openSUSE sites that require SSL. Basically, I am trying to determine if we should get a wildcard or a SAN certificate, and the number of domains that need SSL is a big factor in that. Since the login for the wikis, blogs, and forums happens through a central location now, they no longer need certificates. I think build and api might still need them. I'm not sure about the others. Thank you, Matt
On 12/08/2011 05:00 PM, Matthew Ehle wrote:
Hello,
I am putting together a budget for certificates next year, and I would like to know about ALL of the openSUSE sites that require SSL. Basically, I am trying to determine if we should get a wildcard or a SAN certificate, and the number of domains that need SSL is a big factor in that.
Since the login for the wikis, blogs, and forums happens through a central location now, they no longer need certificates. I think build and api might still need them. I'm not sure about the others.
Thank you, Matt
connect.o.o should be kept under ssl -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch openSUSE Member & Ambassador GPG KEY : D5C9B751C4653227 irc: tigerfoot -- To unsubscribe, e-mail: opensuse-web+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-web+owner@opensuse.org
On 08.12.2011 17:00, Matthew Ehle wrote:
Hello, I am putting together a budget for certificates next year, and I would like to know about ALL of the openSUSE sites that require SSL. Basically, I am trying to determine if we should get a wildcard or a SAN certificate, and the number of domains that need SSL is a big factor in that. Since the login for the wikis, blogs, and forums happens through a central location now, they no longer need certificates. I think build and api might still need them. I'm not sure about the others. Thank you, Matt
Hi Matt, these sites currently use ssl: features.opensuse.org build.opensuse.org retro.opensuse.org connect.opensuse.org static.opensuse.org beans.opensuse.org Not all of them running behind ichain/access manager. Greetings -- Thomas Schmidt (tom [at] opensuse.org) openSUSE Boosters Team "Don't Panic", Douglas Adams (11.03.1952 - 11.05.2001) -- To unsubscribe, e-mail: opensuse-web+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-web+owner@opensuse.org
Thomas Schmidt
12/9/2011 3:23 AM >>> On 08.12.2011 17:00, Matthew Ehle wrote: Hello, I am putting together a budget for certificates next year, and I would like to know about ALL of the openSUSE sites that require SSL. Basically, I am trying to determine if we should get a wildcard or a SAN certificate, and the number of domains that need SSL is a big factor in that. Since the login for the wikis, blogs, and forums happens through a central location now, they no longer need certificates. I think build and api might still need them. I'm not sure about the others. Thank you, Matt Hi Matt, these sites currently use ssl: features.opensuse.org build.opensuse.org retro.opensuse.org connect.opensuse.org static.opensuse.org beans.opensuse.org
Good, it looks like that certificate renewal timeline is in line with all the other certs I need to take care of. This number of sites is just enough to justify going with a wildcard certificate. In late January, please send me CSRs for these sites, and I'll send you back a 3 year certificate. By the way, DigiCert allows for unlimited duplicates, so send me as few or as many CSRs as you want.
Not all of them running behind ichain/access manager.
We may want to consider getting them all behind Access Manager. It's up to the admins for those other sites whether the extra features are worth it, but Access Manager has a lot to offer. The big differences between the custom SSO for the above sites and Novell Access Manager are: SAML/Liberty federation Acceleration (caching) SSO with the blogs, wikis, and forums (as well as suse.com and novell.com) The list goes much longer than that, but I think the above would be the most interesting for what those sites would want or need.
participants (3)
-
Bruno Friedmann
-
Matthew Ehle
-
Thomas Schmidt