Orxonox SSL certificate

Everything concerning SVN, our wiki and this forum.

Moderator: PPS-Leaders

Post Reply
User avatar
Nowic
Thanathon, God of the lower Planes
Posts: 186
Joined: Tue Oct 03, 2006 7:53 pm
Location: Zürich
Contact:

Orxonox SSL certificate

Post by Nowic » Tue Oct 31, 2006 7:38 pm

Am I the only one who cannot accept the Orxonox SSL certificate? Every time I visit the Orxonox Wiki/forum in a new firefox or epiphany session, I have to accept it again. It's annoying if you have to use the Orxonox infrastructure often.

The certificate was generated: 30.08.2006
and expires: 29.09.2006
... so it's not valid anymore.

Maybe the Noxons should generate a new SSL certificate... or is the Noxonian server not properly synchronized with our time/date? :roll:
Maybe we should switch to certificates signed by the Asheroc... they are supposed to have more advanced technologies! :wink:
"I've always lived cheaply. I live like a student, basically. And I like that because it means that money is not telling me what to do. I can do what I think is important for me to do. It freed me to do what seemed worth doing." -- Richard Stallman

User avatar
hofzge
Roshliikhh, lower servant to the Deities
Posts: 116
Joined: Mon Oct 23, 2006 12:01 pm

Post by hofzge » Tue Oct 31, 2006 9:22 pm

Hei Nowic
I also have this problem everytime I come here to the forum or to the Wiki. Quite annoying - I am in favor of Asheroc certificates!
The sky above the port was the color of television, tuned to a dead channel.
-- William Gibson, Neuromancer

User avatar
beni
Baron Vladimir Harkonnen
Posts: 949
Joined: Tue Oct 03, 2006 9:15 am
Location: Zurich
Contact:

Post by beni » Wed Nov 01, 2006 8:13 am

I still think we should travel back in time anyway.

Uhm, yes of course I have the same problem :D

User avatar
patrick
Baron Vladimir Harkonnen
Posts: 350
Joined: Mon Oct 02, 2006 6:03 pm
Location: Bern

Post by patrick » Thu Nov 02, 2006 12:17 am

Hehe, I like this :mrgreen: but I don't like the message: "someone please make a new certificate"

:shock:

I really don't like it...

but I will see, what I can do :wink:

User avatar
hofzge
Roshliikhh, lower servant to the Deities
Posts: 116
Joined: Mon Oct 23, 2006 12:01 pm

Post by hofzge » Thu Nov 02, 2006 8:17 am

Well I know that this thread may sound kind of harsh, but that was not the intention.
But this goes with all the "make Orxonox sexy" stuff: If someone stumbles upon this realm of information he will be turned off by these certificate messages and might not return! :shock:
Now that we have fans from all over the world, we need to manage this fan base and give these people what they want... or something like that.

I know that I am kind of a petty bureaucrat, but my only intention is that an article about Orxonox can be published in some gaming magazine by the end of this semester. If this were to happen (and I would be most delighted to write such an article) Orxonox would instantly become much more famous and I guess that this would also attract a lot of potential programmers, modlers and other creators.

I don't know if you agree with this, therefore I will open a new thread and a vote.
The sky above the port was the color of television, tuned to a dead channel.
-- William Gibson, Neuromancer

User avatar
Nowic
Thanathon, God of the lower Planes
Posts: 186
Joined: Tue Oct 03, 2006 7:53 pm
Location: Zürich
Contact:

Post by Nowic » Wed Jan 10, 2007 4:16 pm

*push*

I searched for it... and I would even do it! give me root :x

http://gentoo-wiki.com/Apache_Modules_mod_ssl
http://slacksite.com/apache/certificate.html
"I've always lived cheaply. I live like a student, basically. And I like that because it means that money is not telling me what to do. I can do what I think is important for me to do. It freed me to do what seemed worth doing." -- Richard Stallman

User avatar
patrick
Baron Vladimir Harkonnen
Posts: 350
Joined: Mon Oct 02, 2006 6:03 pm
Location: Bern

Post by patrick » Tue Jan 16, 2007 8:45 pm

It has been done!

nicolasc
Baron Vladimir Harkonnen
Posts: 258
Joined: Wed Nov 01, 2006 7:58 pm
Location: your mind
Contact:

Post by nicolasc » Tue Jan 16, 2007 10:03 pm

Was about time...
BOFH Excuse #212: Of course is doesn't work. We've performed a software upgrade.

User avatar
Nowic
Thanathon, God of the lower Planes
Posts: 186
Joined: Tue Oct 03, 2006 7:53 pm
Location: Zürich
Contact:

Post by Nowic » Tue Jan 16, 2007 10:14 pm

Thx!
"I've always lived cheaply. I live like a student, basically. And I like that because it means that money is not telling me what to do. I can do what I think is important for me to do. It freed me to do what seemed worth doing." -- Richard Stallman

User avatar
patrick
Baron Vladimir Harkonnen
Posts: 350
Joined: Mon Oct 02, 2006 6:03 pm
Location: Bern

Post by patrick » Thu Feb 22, 2007 8:44 am

The problem with signatures is, that they need to be signed by some authority. Therefore building a chain of trust. Our signature @ orxonox has no trust, because we signed it ourselfs, showing the trust in ourselfs :D

However what you may look for is a certificate for people not for webservers. I think there may be a judicial difference between these two and only one will be valid.

I don't think that you will find many suppliers for such a thing and if so be alerted for faked signatures and untrusty chains of trust.

User avatar
bensch
Admiral Alexi Sarkhov
Posts: 101
Joined: Tue Oct 03, 2006 2:28 pm
Contact:

Post by bensch » Thu Feb 22, 2007 8:59 am

Has anyone had any experience with digital signatures and are there any cheap ways of getting it? Do you frequently have to use such a signature?
Yes, there is an open source solution for what you are looking for. It is called PGP and is used to certify the sender and encrypt/decrypt mails. The problem is that the receiver has no way of telling that you are the one you claim to be, until your PGP-key was signed by him. This signing can build a chain of trust which is essentially the same as the certificate validation process of a Web-server certificate.

So unless you have a PGP-chain of trust to the receiver your signing is the same as no signing.

But PGP is cool and if you have it some time you can very soon have a chain of trust to Linus himself :D

User avatar
bensch
Admiral Alexi Sarkhov
Posts: 101
Joined: Tue Oct 03, 2006 2:28 pm
Contact:

Post by bensch » Thu Feb 22, 2007 9:01 am

BTW: I do not think that there is anyone in the world, who has a private SSL-certificate for himself... but there are always crazy people like me, that want to have an IP for their towels :D (Please watch South Park for more on this topic :))

User avatar
beni
Baron Vladimir Harkonnen
Posts: 949
Joined: Tue Oct 03, 2006 9:15 am
Location: Zurich
Contact:

Post by beni » Thu Jan 31, 2008 11:18 pm

As you know we use the same certificate for the forum, the page and everything. With the website change the certificate does not fit anymore anywhere.

Firefox 3.0 does not just ask you if you think this is identity theft, it just does not display the page at all.
This leaves us with the problem, that everyone who uses Firefox 3 cannot access the forum or the page using a secure channel. I haven't found anything to change that feature except adding a explicit exception for the Orxonox certificate on the website AND the forum.
This is quite bothersome for the average user. Accepting the certificate is one thing, adding exception for every page the certificate does not fit for is a bit too much to ask for from our visitors.
"I'm Commander Shepard and this is my favorite forum on the internet."

nicolasc
Baron Vladimir Harkonnen
Posts: 258
Joined: Wed Nov 01, 2006 7:58 pm
Location: your mind
Contact:

Post by nicolasc » Sat Feb 16, 2008 12:16 pm

I finally had the time to upgrade our certificate...

Fingerprints:
SHA1: 44D1 C6F0 31C6 BF99 83EA 9EBF 3901 7F94 A2D5 FFCC
MD5: C5EB 188D 1E06 E1FF 17C1 E147 2618 CCBF

cheers
nico
BOFH Excuse #212: Of course is doesn't work. We've performed a software upgrade.

Post Reply

Who is online

Users browsing this forum: No registered users and 8 guests