magentos-pl / opencaching-pl

Automatically exported from code.google.com/p/opencaching-pl

SSL certificates for opencaching-pl based nodes #181

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Regarding SSL, what would you recommend to each node: 

1) self-signed certificate 
   (user hassle accepting "untrusted certificate" and lack of seriousness image)

2) certificate signed by CACert
   (same user hassle accepting "untrusted certificate" because CACert root CA is not distributed with browsers)

3) Free certificate for open source projects : 
https://www.globalsign.com/ssl/ssl-open-source/
   (very appealing option, IMHO the project qualifies under their requirements; however, it still has to be determined if it is usable by each node, or only one certificate per open-source project...)

4) certificate signed by commercial CA
   (requires annual fee)

Regarding 3), opencaching.pl should be the one to apply for it first. 

Original issue reported on code.google.com by andrixnet on 5 Dec 2014 at 10:35

GoogleCodeExporter commented 9 years ago
Options 1 and 2 are not good. The third seems reasonable. But there is lots of 
work to do, which might include formalities.

Original comment by rygielski on 5 Dec 2014 at 11:38

GoogleCodeExporter commented 9 years ago
[deleted comment]

GoogleCodeExporter commented 9 years ago
I filled in the registration form for option 3. I got a message that they will check if 
our project is licensed and approved by the Open Source Initiative.
Once approved, I will receive an email from GlobalSign containing a campaign 
code to order your free SSL Certificate.

I'm not sure how they can check if "our project is licensed and approved by the 
Open Source Initiative" but it's worth a try.

I also saw other free certs, so if this one fails, maybe we can check other 
options.

Original comment by wloczynutka on 5 Dec 2014 at 12:00

GoogleCodeExporter commented 9 years ago
They refused to provide the cert.
Email in attachment

Original comment by wloczynutka on 19 Dec 2014 at 3:41

GoogleCodeExporter commented 9 years ago
security test results for oc pl site:
https://sslcheck.globalsign.com/en_US/sslcheck?host=opencaching.pl#86.111.244.117-srv-reg-cert-ssl-misc

Original comment by wloczynutka on 19 Dec 2014 at 3:49

GoogleCodeExporter commented 9 years ago
If their refusal is only due to a technical problem, it should be solvable.
I saw an "F" grade in the test, with multiple problems. 
Actually, many of these problems exist in the default configuration of Apache 
with SSL. Serious tweaking is necessary ... 

Original comment by andrixnet on 23 Dec 2014 at 10:23

GoogleCodeExporter commented 9 years ago
I'm not surprised, I would refuse us too. There are numerous vulnerabilities in 
the code which render the additional SSL protection quite meaningless...

Original comment by rygielski on 23 Dec 2014 at 10:46