Ticket #2578 (closed task: fixed)
midnight-commander.org uses self-signed ssl certificate
Reported by: | bircoph | Owned by: | slavazanko |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | adm | Version: | |
Keywords: | Cc: | ||
Blocked By: | Blocking: | ||
Branch state: | no branch | Votes for changeset: |
Description
Hello,
this site uses a self-signed SSL certificate, which is a barely valid and insecure approach.
You may sign site certificate via any open certification authority. (I can remember cacert.org, but you may use any at your wish, I do not care).
Also this site supports both www.midnight-commander.org and midnight-commander.org names, so you should either maintain certificates for both names or use only one URI for https connections.
Change History
comment:1 Changed 13 years ago by andrew_b
- Version 4.8.0-pre1 deleted
- Type changed from enhancement to task
- Milestone Future Releases deleted
comment:2 Changed 13 years ago by schuay
Hi, I'm the current maintainer of the mc package in the Archlinux [community] repository. Our makepkg build tool (which uses wget) cannot download the source code because of certificate issues:
$ wget https://midnight-commander.org/downloads/mc-4.7.5.4.tar.bz2 --2011-09-12 19:23:07-- https://midnight-commander.org/downloads/mc-4.7.5.4.tar.bz2 Resolving midnight-commander.org... 137.226.80.153 Connecting to midnight-commander.org|137.226.80.153|:443... connected. ERROR: cannot verify midnight-commander.org's certificate, issued by `/C=AU/ST=Some-State/O=midnight-commander.org/OU=midnight-commander.org/CN=midnight-commander.org': Self-signed certificate encountered. To connect to midnight-commander.org insecurely, use `--no-check-certificate'.
Now I'm not sure if it's caused by using a self signed cert, or because there is a redirect from midnight-commander.org to www.midnight-commander.org:
> wget --no-check-certificate https://midnight-commander.org/downloads/mc-4.7.5.4.tar.bz2 -O /dev/null --2011-09-12 19:36:29-- https://midnight-commander.org/downloads/mc-4.7.5.4.tar.bz2 Resolving midnight-commander.org... 137.226.80.153 Connecting to midnight-commander.org|137.226.80.153|:443... connected. WARNING: cannot verify midnight-commander.org's certificate, issued by `/C=AU/ST=Some-State/O=midnight-commander.org/OU=midnight-commander.org/CN=midnight-commander.org': Self-signed certificate encountered. HTTP request sent, awaiting response... 301 Moved Permanently Location: https://www.midnight-commander.org/downloads/mc-4.7.5.4.tar.bz2 [following] --2011-09-12 19:36:29-- https://www.midnight-commander.org/downloads/mc-4.7.5.4.tar.bz2 Resolving www.midnight-commander.org... 137.226.80.153 Connecting to www.midnight-commander.org|137.226.80.153|:443... connected. WARNING: cannot verify www.midnight-commander.org's certificate, issued by `/C=AU/ST=Some-State/O=midnight-commander.org/OU=midnight-commander.org/CN=midnight-commander.org': Self-signed certificate encountered. WARNING: certificate common name `midnight-commander.org' doesn't match requested host name `www.midnight-commander.org'. HTTP request sent, awaiting response... 200 Ok Length: 2678184 (2.6M) [application/octet-stream] Saving to: `/dev/null' 100%[===================================================================================>] 2,678,184 1.87M/s in 1.4s
I can work around this for now, but it'd be nice to get it fixed. Thanks!
comment:3 Changed 12 years ago by sorin
That's more than annoying and is send bad vibes to potential users. It's better to make it HTTP instead if you can't fix the certificate problem.
comment:4 Changed 12 years ago by slavazanko
- Owner set to slavazanko
- Status changed from new to accepted
Agenda:
- register on www.startssl.com
- generate private key
- generate certificate request
- install certificate to web-server
- in web-server: remove redirection from unsecured connections to SSL
- in web-server: set up redirections from m-c.o to www.m-c.o
- describe in WIKI how to re-sign the certificate and re-install to web-server (once per year)
comment:5 Changed 12 years ago by slavazanko
register on www.startssl.com
done
generate private key
done
generate certificate request
done
comment:8 Changed 12 years ago by slavazanko
in web-server: remove redirection from unsecured connections to SSL
done. Just /login path will be redirected
in web-server: set up redirections from m-c.o to www.m-c.o
done