Opened 6 years ago

Last modified 5 years ago

#2820 new enhancement

SSL is the future! — at Version 4

Reported by: dustin
Owned by:
Priority: major
Milestone: sys - other
Version: 0.8.7p1
Keywords:
Cc: verm

Description (last modified by sa2ajj)

https://www.globalsign.com/ssl/ssl-open-source/

Currently we support no HTTPS at all on any of the buildbot.net properties. It would be awesome if we could get SSL enabled for https://trac.buildbot.net, at least, since the logins are embarrassingly cleartext.

Beyond that, in the spirit of resetting the web, it'd be great to have buildbot.net, docs.buildbot.net, buildbot.buildbot.net, and lists.buildbot.net (and, well, every vhost we run) using SSL, too.

If GlobalSign will give us a *.buildbot.net, that'd be awesome. If they're willing to give us a few certs, that's awesome too. If they'll only give us one, and we use another free service for the others, that's OK too.

Change History (4)

comment:1 Changed 6 years ago by dustin

  • Milestone changed from systems to sys - other

Milestone renamed

comment:2 Changed 6 years ago by jollyroger

I am running startssl.com certificates on my company's services and am pretty much satisfied with them. One of the key differences that make them interesting to me is that they charge you during validation. This means you could actually pass validation once and then issue as many certificates as you need. One important note here is that you'll be charged $25 if you send a revocation request. But there are no limitations on the number of domains or certificates, only that CN should be unique.

To actually be able to get wildcard certificates (issued only to the organization) you pass Personal Validation (see http://www.startssl.com/?app=34) and Organization Validation (see http://www.startssl.com/?app=35). Both cost $60 but since I already have an account there, I could get a $30 discount that'll beat most CAs on price. This gives you a possibility to issue any number of the certificates you could ever need. Also, such certificates are valid for 3 years, not 1 year as usual. I could also ask support if there could be a discount for an open source project.

Since our clients are financial organizations I can tell these guys will remove most CAs they haven't heard of personally, so only some major market players are available for them (corporate software setup in financial organizations is something that makes me feel very bad). Haven't seen any problems with generic Windows, Linux, MacOS, Android and iOS devices though. Please consider this fact as it can scare newcomers upon entering the site.

Last edited 6 years ago by jollyroger

comment:3 Changed 6 years ago by sa2ajj

GlobalSign needs to be contacted.

Who is in the position to do that?

comment:4 Changed 6 years ago by sa2ajj

  • Description modified (diff)