[Sumover-dev] Re: [Media Tools] #36: mediatools.cs.ucl.ac.uk over
SSL with unmatched self-signed certificate
Media Tools
SUMOVER-dev at cs.ucl.ac.uk
Tue May 9 18:14:40 BST 2006
#36: mediatools.cs.ucl.ac.uk over SSL with unmatched self-signed certificate
-----------------------------+----------------------------------------------
Reporter: piers | Owner: socrates
Type: task | Status: assigned
Priority: minor | Milestone: sumover-2Q-release
Component: CMS/Repository | Version: 4.3
Resolution: | Keywords: SSL, certificate
-----------------------------+----------------------------------------------
Changes (by socrates):
* status: new => assigned
* reporter: socrates => piers
Old description:
> (Derek Piper, <dcpiper at indiana.edu> wrote the following to sumover-tech
> list in response to our release announcement, see thread
> [http://oakham.cs.ucl.ac.uk/pipermail/sumover-tech/2006-April/thread.html
> archived here])
>
> Hi Piers,
>
> Can I ask why the site is over SSL? The self-signed certificate for your
> site does not match the URL so it seems strange as to why you would only
> allow connections over SSL but not have it configured correctly?
>
> Derek
>
> [[BR]]--
> [[BR]]Derek Piper - dcpiper at indiana.edu - (812) 856 0111
> [[BR]]IRI 323, School of Informatics
> [[BR]]Indiana University, Bloomington, Indiana
New description:
(Derek Piper, <dcpiper at indiana.edu> wrote the following to the ag-tech
list (post [http://www-unix.mcs.anl.gov/web-mail-archive/lists/ag-
tech/2006/04/msg00080.html archived here]), and to the sumover-tech list
in response to our release announcement, see thread
[http://oakham.cs.ucl.ac.uk/pipermail/sumover-tech/2006-April/thread.html
archived here])
Hi Piers,
Can I ask why the site is over SSL? The self-signed certificate for your
site does not match the URL so it seems strange as to why you would only
allow connections over SSL but not have it configured correctly?
Derek
[[BR]]--
[[BR]]Derek Piper - dcpiper at indiana.edu - (812) 856 0111
[[BR]]IRI 323, School of Informatics
[[BR]]Indiana University, Bloomington, Indiana
Comment:
Hi Derek,
Thanks for comments.
Good point - We thought SSL would provide a measure of protection against
remote commit password compromise. Also we figured it may help somewhat
against wiki-spam.
The cert is basically correct as mediatools is a CNAME for
frostie.cs.ucl.ac.uk. However you're right we should create an appropriate
cert for the this hostname so as save confusion. Also I have to admit I
added the alias at the last minute - I thought it clearer as the nature of
the site. We will fix it in May.
Thanks,
Piers.
--
Ticket URL: <https://frostie.cs.ucl.ac.uk/nets/mmedia/ticket/36>
Media Tools <http://www-mice.cs.ucl.ac.uk/multimedia/software>
Media Tools
More information about the Sumover-dev
mailing list