Closed boyska closed 9 years ago
added freepto CA: https://github.com/vinc3nt/freepto-lb/commit/a7909aa9a251354a61daf236f8b5ad106d33daa7
Created: http://ca.freepto.mx
Still missing:
I have created a deb package[1] that include all our custom CA (A/I, ortiche, riseup, freepto, sks-keyserver), in order to make simple the certificates management. A build that include my last commits [2] is available for testing on dev.freepto.mx [3]
[1] https://github.com/vinc3nt/freepto-certificates [2] https://github.com/vinc3nt/freepto-lb/tree/certificates [3] http://dev.freepto.mx/dev/certificates/141002_02.29_v0.1.2-STABLE-117-g149342e-it/
I ran a quick test using the steps below:
paranoid@freepto:~$ sudo apt-cache show freepto-certificates
Package: freepto-certificates
Status: install ok installed
Priority: optional
Section: misc
Installed-Size: 13
Maintainer: vinc3nt <vinc3nt@riseup.net>
Architecture: i386
Version: 0.1
Depends: ca-certificates
Description: This is a Freepto package that include the certificates
used by Freepto.
Homepage: http://www.freepto.mx/
paranoid@freepto:~$
paranoid@freepto:~$ ls /usr/local/share/ca-certificates/
ai.crt freepto.crt ortiche.crt riseup.crt sks-keyservers.crt
paranoid@freepto:~$ wget https://download.freepto.mx/makefreepto
--2014-10-02 03:01:56-- https://download.freepto.mx/makefreepto
Risoluzione di download.freepto.mx (download.freepto.mx)... 144.76.179.61
Connessione a download.freepto.mx (download.freepto.mx)|144.76.179.61|:443... connesso.
Richiesta HTTP inviata, in attesa di risposta... 200 OK
Lunghezza: 6825 (6,7K)
Salvataggio in: "makefreepto"
100%[======================================>] 6.825 --.-K/s in 0s
2014-10-02 03:01:57 (23,1 MB/s) - "makefreepto" salvato [6825/6825]
well done! Just a question: why have the certificates been installed in /usr/local ? that directory is not suited for packages. See also the output of lintian.
boyska
btw, ref is 99bf9560b2649b48f0190a4d0ef7b0b37784ec30
fixed: https://github.com/vinc3nt/freepto-certificates/commit/ef04a493609097f6073b60d8f30b3725a7993164 I have also updated the ortiche CA[1], I will provide a img soon.
[1] https://github.com/vinc3nt/freepto-certificates/commit/e4f256cdcdf345e06bf234113372c2b50f16eca3
e3f07cf20b359456f80c1498a1719f093984e09a and 55b85bd773e6a2d50c3e5a6543dde63244ec94a1 closed this
freepto.mx uses self-signed certificates, which prevents most users from visiting download website with both encrypted connection and good user-experience.
We need to create a freepto CA and include it.