new image in trac wiki lets browsers again report the trac page as insecure

Issue #1224 closed
Frank Löffler created an issue

Since the addition of the image http://build.barrywardell.net:8080/job/EinsteinToolkit/badge/icon to the trac wiki the page reports as being insecure (at least in parts) since not all content is using ssl. It would be nice to be able to get to that image using https or otherwise work around this issue.

Comments (6)

  1. Barry Wardell
    • removed comment

    I don't think SSL is currently available on that machine. In principle we could enable it. Ian, do you know what is required to get Jenkins to use SSL?

  2. Ian Hinder
    • removed comment

    We would need an SSL certificate for build.barrywardell.net, and to add an SSL wrapper. The SSL wrapper could, for example, be an Apache reverse proxy configured on build, or something more lightweight like stunnel. But the blocker at the moment is not having an SSL certificate for that machine. Come to think of it, it would be good to have SSL on this machine. It's a VM, so security is not so important, but it would be annoying if it was hacked.

    Are we sure that linking to an off-site SSL-served image will not lead to a similar browser warning? It's the off-site bit I'm concerned about. From reading around on the internet, my impression is that we would be fine, but I wonder if someone else knows better.

    I have commented out the build status image on the TRAC homepage, so that the page is considered secure again by browsers. Apologies for not noticing this issue!

  3. Barry Wardell
    • removed comment

    Getting an SSL certificate for build.barrywardell.net is straightforward. I can take care of getting it if someone else figures out what to do with it.

  4. Ian Hinder
    • removed comment

    Teamwork! Barry has obtained an SSL certificate, and I have installed it on build and set up an stunnel wrapper to provide https. The new URL for the Jenkins installation is https://build.barrywardell.net which should be accepted by all major browsers. We still accept unencrypted connections on ports 80 and 8080, but we might disable that at some point. I have added the link back on the trac main page via the https URL, and the page now registers in Safari as secure.
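Added example, not part of the original thread: a check for the condition reported in this issue, listing subresources that an HTTPS page fetches over plain http. It also shows that an off-site image served over https is not flagged, while an http image is passive mixed content and an http script is active. The hosts trac.example.org and cdn.example.org, the https badge path and logo.png are constructed sample values.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that triggers a subresource fetch; <a href> is a navigation and never counts.
SUBRESOURCE_ATTRS = {
    "img": "src", "script": "src", "iframe": "src", "audio": "src",
    "video": "src", "source": "src", "embed": "src", "object": "data",
}
PASSIVE_TAGS = {"img", "audio", "video", "source"}  # loaded with a warning, not blocked


class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (tag, absolute_url, "passive" | "active")

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        attr = SUBRESOURCE_ATTRS.get(tag)
        if tag == "link" and "stylesheet" in (attrs.get("rel") or "").lower():
            attr = "href"
        ref = attrs.get(attr) if attr else None
        if not ref:
            return
        url = urljoin(self.page_url, ref)  # resolves relative and //host/ forms
        if urlsplit(url).scheme == "http":
            self.findings.append((tag, url, "passive" if tag in PASSIVE_TAGS else "active"))


def find_mixed_content(page_url, html):
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on an HTTPS page
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings


# Constructed sample page; trac.example.org and cdn.example.org are placeholder hosts.
SAMPLE = """
<a href="http://build.barrywardell.net:8080/">plain link, not a subresource</a>
<img src="http://build.barrywardell.net:8080/job/EinsteinToolkit/badge/icon">
<img src="https://build.barrywardell.net/job/EinsteinToolkit/badge/icon">
<img src="//build.barrywardell.net/logo.png">
<script src="http://cdn.example.org/lib.js"></script>
"""

if __name__ == "__main__":
    print(*find_mixed_content("https://trac.example.org/wiki", SAMPLE), sep="\n")
```

Only the first image and the script are reported; the https image and the protocol-relative image inherit or use https and pass.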
