SSL on *.adium.im

Discussion:

SSL on *.adium.im

Thijs Alkemade

2013-06-27 09:33:31 UTC

Hey all,

GlobalSign is giving out free wildcard certificates for open-source
projects[1]. I applied a couple of days ago and got the certificate last
night.

Previously we had a StartCom free certificate for adium.im and trac.adium.im
(which was only used for Trac). I've replaced that certificate on Eider, which
now covers trac.adium.im, hg.adium.im, buildbot.adium.im and the XMPP server.
If you used to pull over http, I advise you to replace the URL in your clones
with https://hg.adium.im. If you prefer to pin the certificate instead of
configuring Mercurial to check CAs, that can be done by adding to .hg/hgrc:

[hostfingerprints]
hg.adium.im = 12:99:96:72:6c:68:9e:96:05:e9:c8:1d:bd:cf:15:ee:bd:5e:2e:cc

I still want to add the certificate on duck too, but it seems Apache's
configuration there is managed by cpanel. Could somebody contact me off-list
with the credentials I need for that?

Thijs

[1] https://www.globalsign.com/ssl/ssl-open-source/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://adium.im/pipermail/devel_adium.im/attachments/20130627/653b9e02/attachment.bin>

Evan Kinney

2013-06-27 12:38:23 UTC

Permalink

Post by Thijs Alkemade
Hey all,
GlobalSign is giving out free wildcard certificates for open-source
projects[1]. I applied a couple of days ago and got the certificate last
night.
Previously we had a StartCom free certificate for adium.im and
trac.adium.im
(which was only used for Trac). I've replaced that certificate on Eider, which
now covers trac.adium.im, hg.adium.im, buildbot.adium.im and the XMPP server.
If you used to pull over http, I advise you to replace the URL in your clones
with https://hg.adium.im. If you prefer to pin the certificate instead of
[hostfingerprints]
hg.adium.im = 12:99:96:72:6c:68:9e:96:05:e9:c8:1d:bd:cf:15:ee:bd:5e:2e:cc
I still want to add the certificate on duck too, but it seems Apache's
configuration there is managed by cpanel. Could somebody contact me off-list
with the credentials I need for that?
Thijs
[1] https://www.globalsign.com/ssl/ssl-open-source/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://adium.im/pipermail/devel_adium.im/attachments/20130627/556789d1/attachment.html>

Thijs Alkemade

2013-06-27 18:25:21 UTC

Permalink

Consolidate as in merge eider and duck? I'm not sure if that's a great idea, duck seems to be handling quite a lot already.

I do generally prefer plain text file configuration (though I'm not familiar with cpanel), and I think both could badly use some updates.

Thijs

A while ago I proposed consolidating the web servers and ditching CPanel; maybe this would be a good opportunity to revisit that idea?
I have more time these days, fortunately, so we can actually make it happen this time. :)
/ek
Hey all,
GlobalSign is giving out free wildcard certificates for open-source
projects[1]. I applied a couple of days ago and got the certificate last
night.
Previously we had a StartCom free certificate for adium.im and trac.adium.im
(which was only used for Trac). I've replaced that certificate on Eider, which
now covers trac.adium.im, hg.adium.im, buildbot.adium.im and the XMPP server.
If you used to pull over http, I advise you to replace the URL in your clones
with https://hg.adium.im. If you prefer to pin the certificate instead of
[hostfingerprints]
hg.adium.im = 12:99:96:72:6c:68:9e:96:05:e9:c8:1d:bd:cf:15:ee:bd:5e:2e:cc
I still want to add the certificate on duck too, but it seems Apache's
configuration there is managed by cpanel. Could somebody contact me off-list
with the credentials I need for that?
Thijs
[1] https://www.globalsign.com/ssl/ssl-open-source/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://adium.im/pipermail/devel_adium.im/attachments/20130627/5ca81e47/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://adium.im/pipermail/devel_adium.im/attachments/20130627/5ca81e47/attachment.bin>

Christopher Forsythe

2013-06-27 22:09:53 UTC

Permalink

Which is easier for network redux, should there be a problem only they can
address? :)

Post by Thijs Alkemade
Consolidate as in merge eider and duck? I'm not sure if that's a great
idea, duck seems to be handling quite a lot already.
I do generally prefer plain text file configuration (though I'm not
familiar with cpanel), and I think both could badly use some updates.
Thijs
A while ago I proposed consolidating the web servers and ditching CPanel;
maybe this would be a good opportunity to revisit that idea?
I have more time these days, fortunately, so we can actually make it happen this time. :)
/ek

Post by Thijs Alkemade
Hey all,
GlobalSign is giving out free wildcard certificates for open-source
projects[1]. I applied a couple of days ago and got the certificate last
night.
Previously we had a StartCom free certificate for adium.im and trac.adium.im
(which was only used for Trac). I've replaced that certificate on Eider, which
now covers trac.adium.im, hg.adium.im, buildbot.adium.im and the XMPP server.
If you used to pull over http, I advise you to replace the URL in your clones
with https://hg.adium.im. If you prefer to pin the certificate instead of
[hostfingerprints]
hg.adium.im = 12:99:96:72:6c:68:9e:96:05:e9:c8:1d:bd:cf:15:ee:bd:5e:2e:cc
I still want to add the certificate on duck too, but it seems Apache's
configuration there is managed by cpanel. Could somebody contact me off-list
with the credentials I need for that?
Thijs
[1] https://www.globalsign.com/ssl/ssl-open-source/

--
Chris Forsythe
@The_Tick <http://twitter.com/The_Tick>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://adium.im/pipermail/devel_adium.im/attachments/20130627/926d0d33/attachment.html>