NESCent / FossilCalibrations

Fossil calibrations database
http://fossilcalibrations.org
BSD 2-Clause "Simplified" License

SSL cert for fossilcalibrations.org #76

Closed hlapp closed 9 years ago

hlapp commented 9 years ago

The fossilcalibrations.org server has now moved to a PalAss server. I assume that as a result of that, the SSL address fails to domain-validate and browsers show a big scary warning. I assume this means that the SSL cert needs to be re-issued and installed on the PalAss webserver.

@dleehr and @jimallman - it seems that the HTTP URL doesn't redirect to HTTPS. Is this intentional, or an oversight from the move to PalAss, and if the former, are there redirect rules in place somewhere that ensure that login and other pages use HTTPS?

dleehr commented 9 years ago

The login page requires/redirects to https. There's also an .htaccess file for the /protected directory that forces https, but I don't know if that's configured on the PalAss host.

kcranston commented 9 years ago

I am not getting an SSL warning on either Firefox or Chrome.

dleehr commented 9 years ago

No, it's giving a self-signed certificate `fcd-self-signed`

hlapp commented 9 years ago

@dleehr yes, I was able to see that too now.

@kcranston I'll have an email out in a moment.

jimallman commented 9 years ago

We've previously raised the question of whether or not a self-signed cert might be OK for this site, since only the admin users (a small group) will be bumped to HTTPS. I don't know if a final decision was ever reached.

dleehr commented 9 years ago

Also, it does not appear that http://fossilcalibrations.org/protected enforces https

hlapp commented 9 years ago

> We've previously raised the question of whether or not a self-signed cert might be OK for this site, since only the admin users (a small group) will be bumped to HTTPS. I don't know if a final decision was ever reached.

It was. Self-signed certs are poor practice, and require only a nominal expense to rectify.

jimallman commented 9 years ago

Ah, I forgot that this cert has already been secured.

Based on a quick look at the cert on https://152.3.101.137/, it seems to support both fossilcalibrations.org and www.fossilcalibrations.org. For SEO purposes, it's probably best to nudge to one or the other in our Apache configuration. (This is not discussed in the Installation wiki page.)

hlapp commented 9 years ago

Cert is now re-issued and installed.
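
The two redirect questions raised in this thread (does a plain-HTTP request to a protected path get upgraded to HTTPS, and do both hostnames end up on one canonical name) can be checked after a server move with a script like the following. It is an added example, not code from the FossilCalibrations project; the `example.test` hosts, the `/login` and `/old` paths, and the sample responses are constructed placeholders.

```python
import http.client
from urllib.parse import urlsplit, urljoin

REDIRECTS = (301, 302, 303, 307, 308)

def probe(url, timeout=10):
    """Send one HEAD request over plain HTTP without following redirects."""
    parts = urlsplit(url)
    path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def classify(url, status, location, canonical_host):
    """Classify the first response to a plain-HTTP request for `url`."""
    if status not in REDIRECTS or not location:
        return "served-over-http"            # no upgrade: page is reachable in clear text
    target = urlsplit(urljoin(url, location))  # Location may be a relative reference
    if target.scheme != "https":
        return "redirect-stays-http"
    if target.hostname != canonical_host.lower():
        return "https-noncanonical-host"     # upgraded, but not to the preferred name
    if status in (302, 303, 307):
        return "https-temporary"             # works, but browsers will not cache it
    return "https-enforced"

def audit(rows, canonical_host):
    """rows: iterable of (url, status, location) tuples, e.g. collected with probe()."""
    return {url: classify(url, status, loc, canonical_host) for url, status, loc in rows}

# Constructed sample responses (placeholders, not real measurements).
SAMPLE = [
    ("http://example.test/protected", 200, None),
    ("http://example.test/login", 301, "https://example.test/login"),
    ("http://www.example.test/", 301, "https://www.example.test/"),
    ("http://example.test/old", 302, "/new"),
]

if __name__ == "__main__":
    for url, verdict in audit(SAMPLE, "example.test").items():
        print(f"{verdict:26} {url}")
```

To run it against a live host, build the rows with `probe()`, for example `[(u, *probe(u)) for u in urls]`, and pass the hostname you want visitors to land on as `canonical_host`.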