Orxonox SSL certificate
Moderator: PPS-Leaders
- Nowic
- Thanathon, God of the lower Planes
- Posts: 186
- Joined: Tue Oct 03, 2006 7:53 pm
- Location: Zürich
- Contact:
Orxonox SSL certificate
Am I the only one who cannot accept the Orxonox SSL certificate? Every time I visit the Orxonox Wiki/forum in a new firefox or epiphany session, I have to accept it again. It's annoying if you have to use the Orxonox infrastructure often.
The certificate was generated: 30.08.2006
and expires: 29.09.2006
... so it's not valid anymore.
Maybe the Noxons should generate a new SSL certificate... or is the Noxonian server not properly synchronized with our time/date?
Maybe we should switch to certificates signed by the Asheroc... they are supposed to have more advanced technologies!
The certificate was generated: 30.08.2006
and expires: 29.09.2006
... so it's not valid anymore.
Maybe the Noxons should generate a new SSL certificate... or is the Noxonian server not properly synchronized with our time/date?
Maybe we should switch to certificates signed by the Asheroc... they are supposed to have more advanced technologies!
"I've always lived cheaply. I live like a student, basically. And I like that because it means that money is not telling me what to do. I can do what I think is important for me to do. It freed me to do what seemed worth doing." -- Richard Stallman
Well I know that this thread may sound kind of harsh, but that was not the intention.
But this goes with all the "make Orxonox sexy" stuff: If someone stumbles upon this realm of information he will be turned off by these certificate messages and might not return!
Now that we have fans from all over the world, we need to manage this fan base and give these people what they want... or something like that.
I know that I am kind of a petty bureaucrat, but my only intention is that an article about Orxonox can be published in some gaming magazine by the end of this semester. If this were to happen (and I would be most delighted to write such an article) Orxonox would instantly become much more famous and I guess that this would also attract a lot of potential programmers, modlers and other creators.
I don't know if you agree with this, therefore I will open a new thread and a vote.
But this goes with all the "make Orxonox sexy" stuff: If someone stumbles upon this realm of information he will be turned off by these certificate messages and might not return!
Now that we have fans from all over the world, we need to manage this fan base and give these people what they want... or something like that.
I know that I am kind of a petty bureaucrat, but my only intention is that an article about Orxonox can be published in some gaming magazine by the end of this semester. If this were to happen (and I would be most delighted to write such an article) Orxonox would instantly become much more famous and I guess that this would also attract a lot of potential programmers, modlers and other creators.
I don't know if you agree with this, therefore I will open a new thread and a vote.
The sky above the port was the color of television, tuned to a dead channel.
-- William Gibson, Neuromancer
-- William Gibson, Neuromancer
- Nowic
- Thanathon, God of the lower Planes
- Posts: 186
- Joined: Tue Oct 03, 2006 7:53 pm
- Location: Zürich
- Contact:
*push*
I searched for it... and I would even do it! give me root
http://gentoo-wiki.com/Apache_Modules_mod_ssl
http://slacksite.com/apache/certificate.html
I searched for it... and I would even do it! give me root
http://gentoo-wiki.com/Apache_Modules_mod_ssl
http://slacksite.com/apache/certificate.html
"I've always lived cheaply. I live like a student, basically. And I like that because it means that money is not telling me what to do. I can do what I think is important for me to do. It freed me to do what seemed worth doing." -- Richard Stallman
The problem with signatures is, that they need to be signed by some authority. Therefore building a chain of trust. Our signature @ orxonox has no trust, because we signed it ourselfs, showing the trust in ourselfs
However what you may look for is a certificate for people not for webservers. I think there may be a judicial difference between these two and only one will be valid.
I don't think that you will find many suppliers for such a thing and if so be alerted for faked signatures and untrusty chains of trust.
However what you may look for is a certificate for people not for webservers. I think there may be a judicial difference between these two and only one will be valid.
I don't think that you will find many suppliers for such a thing and if so be alerted for faked signatures and untrusty chains of trust.
Yes, there is an open source solution for what you are looking for. It is called PGP and is used to certify the sender and encrypt/decrypt mails. The problem is that the receiver has no way of telling that you are the one you claim to be, until your PGP-key was signed by him. This signing can build a chain of trust which is essentially the same as the certificate validation process of a Web-server certificate.Has anyone had any experience with digital signatures and are there any cheap ways of getting it? Do you frequently have to use such a signature?
So unless you have a PGP-chain of trust to the receiver your signing is the same as no signing.
But PGP is cool and if you have it some time you can very soon have a chain of trust to Linus himself
As you know we use the same certificate for the forum, the page and everything. With the website change the certificate does not fit anymore anywhere.
Firefox 3.0 does not just ask you if you think this is identity theft, it just does not display the page at all.
This leaves us with the problem, that everyone who uses Firefox 3 cannot access the forum or the page using a secure channel. I haven't found anything to change that feature except adding a explicit exception for the Orxonox certificate on the website AND the forum.
This is quite bothersome for the average user. Accepting the certificate is one thing, adding exception for every page the certificate does not fit for is a bit too much to ask for from our visitors.
Firefox 3.0 does not just ask you if you think this is identity theft, it just does not display the page at all.
This leaves us with the problem, that everyone who uses Firefox 3 cannot access the forum or the page using a secure channel. I haven't found anything to change that feature except adding a explicit exception for the Orxonox certificate on the website AND the forum.
This is quite bothersome for the average user. Accepting the certificate is one thing, adding exception for every page the certificate does not fit for is a bit too much to ask for from our visitors.
"I'm Commander Shepard and this is my favorite forum on the internet."
Who is online
Users browsing this forum: No registered users and 1 guest