Closed dr0i closed 3 years ago
Hi @acka47 if you find a hostname missing in the list please add it and ping.
I think we do not use vocabs.lobid.org
anymore and it thus can be removed. Do we still use stage.lobid.org
? Otherwise it looks complete.
I added metafacture.org and restructured the list to take into account Mariusz' advice to have on certificate per domain.
Deployed, please test. Note that skohub and nwbib will be renewed at the end of the next year. Note also that www.metafacture.org is not enabled, I think it's an DNS issue , will contact IT. [edit: IT made it good by correcting DNS]
+1 Closing.
It's possible to only have one SSL-certificate for multiple hostnames SubjectAlternativeName, SAN. Since we use a proxy, allmost all hostnames we control point to it (empyhtos). It's far more simple to have just one certificate for certificates must be renewed regularly. For a CSR we need a list of all these hostnames. The hostnames in need of a valid SSL certificate are listed here. The list should be updated if needed:
FQDN: lobid.org FQDN: www.lobid.org FQDN: beta.lobid.org FQDN: blog.lobid.org FQDN: labs.lobid.org FQDN: slides.lobid.org FQDN: test.lobid.org
FQDN: metafacture.org FQDN: www.metafacture.org
FQDN: nwbib.de FQDN: www.nwbib.de FQDN: test.nwbib.de
FQDN: skohub.io FQDN: www.skohub.io FQDN: test.skohub.io
Note: everytime this list is updated a new CSR must be done asking our IT to provide a new certificate. Also, of course, this must be done when the certificate is going to expire.