HTTPS on forum.nette.org?

4 years ago

Honza Kuchař
Backer | 1648
+
+9
-

Hi!

Are you considering starting HTTPS on forum.nette.org? I have strange feelings every time I need to press the “Log in” button on this forum. Does anyone else have the same strange feeling? :-)

Thanks!

4 years ago

Filip Procházka
Moderator | 4693
+
+1
-

The problem is that we need a wildcard certificate for nette.org and StartSSL considers Nette an organization, so I cannot generate the certificate from my account (nor can anybody else). It has to be paid for.

But yeah, I would love to have nette.org on HTTPS :)

4 years ago

hrach
Member | 1806
+
0
-

I think a wildcard is not needed, only some cert authority which allows you to name subdomains. (but that's not StartSSL)

4 years ago

Quinix
Member | 108
+
0
-

@hrach A StartSSL certificate can be created for a subdomain without any problem… at least the free one. You just have to create separate certificates for each subdomain…

Last edited by Quinix (2015-03-25 23:53)

4 years ago

hrach
Member | 1806
+
0
-

@Quinix probably, but that's something you don't want to do.

4 years ago

Quinix
Member | 108
+
0
-

@hrach Care to elaborate? If you don't care about clients without SNI, I don't see any issue in that. AFAIK SAN certificates cost about the same as wildcard…

4 years ago

Milo
Nette Core | 1099
+
+2
-

There are many domains on one IP:

  • nette.org
  • dibiphp.com
  • ne-on.org
  • nettefoundation.com
  • posobota.cz
  • texy.info

Even though not all of them need SSL, it's good to know. Let's say nette, dibi, texy need it.

A multidomain wildcard is technically an ideal solution but expensive. SNI + a per-domain certificate is imho acceptable.

Another thing is the StartSSL policy. I read the StartSSL policy. Maybe we can pass, but I'm not a lawyer.

I'm keeping hope for the Let's Encrypt.
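
Added example, not part of any post in this thread: a simplified RFC 6125-style name matcher that shows which of the hosts mentioned above a given certificate would cover, and which certificate an SNI-capable server would pick. The certificate labels and SAN lists are constructed for illustration; forum.nette.org comes from the thread title.

```python
# Constructed sample: hosts named in the thread that were said to need TLS.
HOSTS = ["nette.org", "forum.nette.org", "dibiphp.com", "texy.info"]

def san_matches(pattern: str, hostname: str) -> bool:
    """Match one SAN dNSName entry against a hostname (simplified rule)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # "*" stands for exactly one label
    if p[0] == "*":
        # Wildcard only as the whole left-most label, never "*.tld".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_covers(sans, hostname):
    """True if any SAN entry of the certificate matches the hostname."""
    return any(san_matches(s, hostname) for s in sans)

def uncovered(sans, hosts):
    """Hosts a browser would reject if served this certificate."""
    return [h for h in hosts if not cert_covers(sans, h)]

def sni_select(certs, server_name):
    """Pick the certificate label for the name sent in the SNI extension.

    certs maps a label to its SAN list; None means no certificate fits
    (a client without SNI would only ever get the server's default one).
    """
    for label, sans in certs.items():
        if cert_covers(sans, server_name):
            return label
    return None

# Option 1: one wildcard for nette.org only.
SINGLE_WILDCARD = ["*.nette.org"]
# Option 2: one multi-domain wildcard certificate (apex + wildcard per domain).
MULTI_WILDCARD = ["nette.org", "*.nette.org", "dibiphp.com", "*.dibiphp.com",
                  "texy.info", "*.texy.info"]
# Option 3: SNI with one certificate per domain.
PER_DOMAIN = {"nette": ["nette.org", "*.nette.org"],
              "dibi": ["dibiphp.com"],
              "texy": ["texy.info"]}

if __name__ == "__main__":
    print("single wildcard misses:", uncovered(SINGLE_WILDCARD, HOSTS))
    print("multi-domain misses:   ", uncovered(MULTI_WILDCARD, HOSTS))
    for host in HOSTS + ["posobota.cz"]:
        print(host, "->", sni_select(PER_DOMAIN, host))
```

A wildcard entry does not cover the bare domain or deeper subdomains, so the apex name has to be listed separately in the certificate.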

4 years ago

Honza Kuchař
Backer | 1648
+
0
-

Let's assume all browsers of our users support SNI for this site. There is no reason to care about old browsers, developers are living on the edge.

4 years ago

Aurielle
Member | 1283
+
+1
-

There would be other issues with old browsers besides SNI, for example old and vulnerable ciphers, SSLv3…

4 years ago

Quinix
Member | 108
+
+1
-

BTW, there is also the possibility of acquiring a free certificate for open-source projects – for example https://www.globalsign.com/…open-source/

4 years ago

David Grudl
Nette Core | 6790
+
0
-

@Quinix I tried to register.

4 years ago

David Grudl
Nette Core | 6790
+
0
-

Great! „Your open source project has been approved. This code is valid for a Domain Validated SSL Certificate

Only problem is the organization name („The Organization name must be the full legal registered form, which is required for the order to be processed.“).

4 years ago

Milo
Nette Core | 1099
+
0
-

@Quinix Wow, that's nice!

4 years ago

Honza Kuchař
Backer | 1648
+
0
-

Only problem is the organization name („The Organization name must be the full legal registered form, which is required for the order to be processed.“).

@DavidGrudl What does it mean?

4 years ago

David Grudl
Nette Core | 6790
+
0
-

I must somehow register an organization…

4 years ago

Honza Kuchař
Backer | 1648
+
0
-

bump