HTTPS on forum.nette.org?

Notice: This thread is very old.
Honza Kuchař
Backer | 1657
+
+9
-

Hi!

Are you considering to start HTTPS on forum.nette.org? I have strange feelings every time I need to press “Log in” button on this forum. Anyone else has the same strange feeling? :-)

Thanks!

Filip Procházka
Moderator | 4693
+
+1
-

The problem is that we need wildmark certificate for nette.org and startssl considers Nette as organization, so I cannot generate the certificate from my account (nor can anybody else). It has to be payed for.

But yeah, I would love to have nette.org on HTTPS :)

hrach
Member | 1818
+
0
-

I think wildcard is not needed, only some cert authority, which allows you to name subdomains. (but that's not starssl)

Quinix
Member | 108
+
0
-

@hrach StartSSL certificate can be created for subdomain without any problem… at least the free one. You just have to create separate certificates for each subdomain…

Last edited by Quinix (2015-03-25 23:53)

hrach
Member | 1818
+
0
-

@Quinix probably, but that's something you don't want to do.

Quinix
Member | 108
+
0
-

@hrach Care to elaborate? If you don's care about clients without SNI, I don't see any issue in that. AFAIK SAN certificates cost about the same as wildcard…

Milo
Nette Core | 1153
+
+2
-

There are many domains on one IP:

  • nette.org
  • dibiphp.com
  • ne-on.org
  • nettefoundation.com
  • posobota.cz
  • texy.info

Even not all of them needs SSL, it's good to know. Let's say nette, dibi, texy need it.

Multidomain wildcard is technically an ideal solution but expensive. SNI + per/domain certificate is imho acceptable.

Another think is the StartSSL policy. I read the StartSSL policy. Maybe we can pass, but I'm not a lawyer.

I'm keeping hope for the Let's Encrypt.

Honza Kuchař
Backer | 1657
+
0
-

Let's assume all browsers of our users support SNI for this site. There is no reason why to care about old browsers, developers are living on the edge.

Aurielle
Member | 1283
+
+1
-

There would be another issues with old browsers besides SNI, for example old and vulnerable ciphers, SSLv3…

Quinix
Member | 108
+
+1
-

BTW, there is also possibility to acquire free certificate for opensource projects – for example https://www.globalsign.com/…open-source/

David Grudl
Generous Backer | 7166
+
0
-

@Quinix I tried to register.

David Grudl
Generous Backer | 7166
+
0
-

Great! „Your open source project has been approved. This code is valid for a Domain Validated SSL Certificate

Only problem is the organization name („The Organization name must be the full legal registered form, which is required for the order to be processed.“).

Milo
Nette Core | 1153
+
0
-

@Quinix Wow, that's nice!

Honza Kuchař
Backer | 1657
+
0
-

Only problem is the organization name („The Organization name must be the full legal registered form, which is required for the order to be processed.“).

@DavidGrudl What does it mean?

David Grudl
Generous Backer | 7166
+
0
-

I must somehow register organization…

Honza Kuchař
Backer | 1657
+
0
-

bump