[Sumover-dev] Re: [Media Tools] #36: mediatools.cs.ucl.ac.uk over SSL with unmatched self-signed certificate

Media Tools SUMOVER-dev at cs.ucl.ac.uk
Tue May 9 18:14:40 BST 2006 

#36: mediatools.cs.ucl.ac.uk over SSL with unmatched self-signed certificate
-----------------------------+----------------------------------------------
  Reporter:  piers           |       Owner:  socrates          
      Type:  task            |      Status:  assigned          
  Priority:  minor           |   Milestone:  sumover-2Q-release
 Component:  CMS/Repository  |     Version:  4.3               
Resolution:                  |    Keywords:  SSL, certificate  
-----------------------------+----------------------------------------------
Changes (by socrates):

  * status:  new => assigned
  * reporter:  socrates => piers

Old description:

> (Derek Piper, <dcpiper at indiana.edu> wrote the following to sumover-tech
> list in response to our release announcement, see thread
> [http://oakham.cs.ucl.ac.uk/pipermail/sumover-tech/2006-April/thread.html
> archived here])
>
> Hi Piers,
>
> Can I ask why the site is over SSL? The self-signed certificate for your
> site does not match the URL so it seems strange as to why you would only
> allow connections over SSL but not have it configured correctly?
>
> Derek
>
> [[BR]]--
> [[BR]]Derek Piper - dcpiper at indiana.edu - (812) 856 0111
> [[BR]]IRI 323, School of Informatics
> [[BR]]Indiana University, Bloomington, Indiana

New description:

 (Derek Piper, <dcpiper at indiana.edu> wrote the following to the ag-tech
 list (post [http://www-unix.mcs.anl.gov/web-mail-archive/lists/ag-
 tech/2006/04/msg00080.html archived here]), and to the sumover-tech list
 in response to our release announcement, see thread
 [http://oakham.cs.ucl.ac.uk/pipermail/sumover-tech/2006-April/thread.html
 archived here])

 Hi Piers,

 Can I ask why the site is over SSL? The self-signed certificate for your
 site does not match the URL so it seems strange as to why you would only
 allow connections over SSL but not have it configured correctly?

 Derek

 [[BR]]--
 [[BR]]Derek Piper - dcpiper at indiana.edu - (812) 856 0111
 [[BR]]IRI 323, School of Informatics
 [[BR]]Indiana University, Bloomington, Indiana

Comment:

 Hi Derek,

 Thanks for comments.

 Good point - We thought SSL would provide a measure of protection against
 remote commit password compromise. Also we figured it may help somewhat
 against wiki-spam.

 The cert is basically correct as mediatools is a CNAME for
 frostie.cs.ucl.ac.uk. However you're right we should create an appropriate
 cert for the this hostname so as save confusion. Also I have to admit I
 added the alias at the last minute - I thought it clearer as the nature of
 the site. We will fix it in May.

 Thanks,

 Piers.

-- 
Ticket URL: <https://frostie.cs.ucl.ac.uk/nets/mmedia/ticket/36>
Media Tools <http://www-mice.cs.ucl.ac.uk/multimedia/software>
Media Tools

More information about the Sumover-dev mailing list