Open graybeal opened 6 years ago
carueda
commented
6 years ago AFAIK HTTPS access hasn't be set up at all, so I wouldn't consider this a bug (but an enhancement). But let's tag @abburgess here as an opportunity to push/learn about the plans for HTTPS access.
graybeal
commented
6 years ago The reason this is critical is that the entire web is moving to secure protocols for web browsing, as http access is increasingly insecure and un-private. For example see https://www.theverge.com/2018/2/8/16991254/chrome-not-secure-marked-http-encryption-ssl, which indicates any http site will be marked as not secure with a banner in Google Chrome starting in July 2018.
fgayanilo
commented
6 years ago All Symantec PKIs are affected (e.g., digicert, geotrust, rapidssl,thawte, verisign, equifax); see https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html
carueda
commented
4 years ago @lewismc Did you move this to some other tracker?
brandonnodnarb
commented
2 years ago AFAICT, this also affects SWEET. I'm not sure what this entails, specifically, as it is unclear at present if it's a host/provider issue or can be toggled via DNS (or both)?
Could this be a bullet point at the next COR meeting? :)
carueda
commented
2 years ago @brandonnodnarb I think it is a matter of getting a certificate and install it for cor.esipfed.org in the appropriate apache config file. Likewise, a separate certificate would be needed for sweetontology.net.
graybeal
commented
2 months ago I think I will need to get some support from ESIP so I can make appropriate changes in the AWS environment, but not 100% sure of that. I haven't pursued getting a better role on the AWS environment (my current role/authority is very limited) because they were so swamped for the summer meeting, but it's on my list.
fgayanilo
commented
2 months ago If you go for LE, see https://dev.to/greenteabiscuit/using-let-s-encrypt-on-aws-ec2-instance-2aca
I can't access COR on https://cor.esipfed.org, connection is refused.