From: Simon Josefsson <simon@josefsson.org>
To: ding@gnus.org
Subject: Re: SSL certificate issues for git.gnus.org
Date: Mon, 14 Mar 2011 09:59:17 +0100
Message-ID: <87y64i2i3e.fsf@latte.josefsson.org>
In-Reply-To: <m339mqbqwf.fsf@quimbies.gnus.org> (Lars Magne Ingebrigtsen's message of "Sun, 13 Mar 2011 23:24:16 +0100")

Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> Simon Josefsson <simon@josefsson.org> writes:
>
>> I have made the request -- but Lars will need to approve it.
>
> (Sorry for the tardy response -- I've been building Ikea shelves for a
> week now.)
>
> I got the cacert email, and clicked through, and it said
>
> "Your domain has been verified. You can now start issuing certificates
> for this domain."

Thanks -- it seems approved alright.

>> Lars, to generate the git.gnus.org certificate, please run something
>> like this and send me the CSR at the bottom (it is fine to post to the
>> list, it is not security sensitive) and I'll paste the request through
>> cacert and get a certificate back:
>
> PKCS #10 Certificate Request Information:

Thanks, here is the certificate:

It is not strictly needed, but you may want to make the web server send
the following as an intermediate certificate too:

http://www.cacert.org/certs/class3.txt

Then clients only have to trust the root CACert CA without also knowing
the intermediate CACert certificate. I suspect most clients already
trust the intermediate CACert CA anyway though.

If you are using apache with mod_gnutls (Debian libapache2-mod-gnutls)
just concatenate the git.gnus.org PEM blob above with the PEM blob in
the URL above into a text file and then point to the files like this:

  GnuTLSEnable on
  GnuTLSCertificateFile /etc/ssl/private/git.gnus.org-chain.pem
  GnuTLSKeyFile /etc/ssl/private/git.gnus.org-key.pem
  GnuTLSPriorities NORMAL

/Simon
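
The chain-file step described in the message above, as an added example that is not part of the original mail: it builds a throwaway three-level CA hierarchy with the openssl CLI, shows that a client trusting only the root can verify the server certificate once the intermediate is sent with it, and checks that the first certificate in the chain file matches the private key. All names (Demo Root, Demo Class 3, git.example.org, the file stems) are constructed stand-ins, not CAcert's or git.gnus.org's certificates.

```sh
#!/bin/sh
# Added example. Throwaway CA hierarchy, constructed here; not CAcert's certificates.
set -e
W=$(mktemp -d); trap 'rm -rf "$W"' EXIT
cat > "$W/cfg" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
EOF

newkey_csr() {   # $1 = file stem, $2 = CN
    openssl req -new -newkey rsa:2048 -nodes -config "$W/cfg" -subj "/CN=$2" \
        -keyout "$W/$1-key.pem" -out "$W/$1.csr" 2>/dev/null
}
sign() {         # $1 = subject stem, $2 = issuer stem, rest = extra x509 options
    s=$1; i=$2; shift 2
    openssl x509 -req -in "$W/$s.csr" -CA "$W/$i.pem" -CAkey "$W/$i-key.pem" \
        -set_serial 1 -days 2 -out "$W/$s.pem" "$@" 2>/dev/null
}
client_verifies() {   # $1 = PEM file the server sends; client trusts only the root
    openssl verify -CAfile "$W/root.pem" -untrusted "$1" "$1" >/dev/null 2>&1
}
key_matches_first_cert() {   # $1 = chain file, $2 = private key file
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

newkey_csr root "Demo Root"
openssl x509 -req -in "$W/root.csr" -signkey "$W/root-key.pem" -days 2 \
    -extfile "$W/cfg" -extensions ca -out "$W/root.pem" 2>/dev/null
newkey_csr class3 "Demo Class 3"; sign class3 root -extfile "$W/cfg" -extensions ca
newkey_csr leaf "git.example.org"; sign leaf class3

cat "$W/leaf.pem" "$W/class3.pem" > "$W/chain.pem"        # server cert first
cat "$W/class3.pem" "$W/leaf.pem" > "$W/wrong-order.pem"  # reversed order, for contrast

for f in leaf chain; do
    if client_verifies "$W/$f.pem"; then echo "$f.pem: path to root OK"
    else echo "$f.pem: client cannot build a path to the root"; fi
done
for f in chain wrong-order; do
    if key_matches_first_cert "$W/$f.pem" "$W/leaf-key.pem"; then echo "$f.pem: key matches first cert"
    else echo "$f.pem: first cert does not match the key"; fi
done
```

The same two checks can be run against a real chain file and key before pointing GnuTLSCertificateFile and GnuTLSKeyFile at them.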