- removed comment
ssl warning for wiki.einsteintoolkit.org
My browser (Firefox 45.8.0 ESR) reports
wiki.einsteintoolkit.org uses an invalid security certificate. The certificate is only valid for wiki.cct.lsu.edu Error code: SSL_ERROR_BAD_CERT_DOMAIN
for https://wiki.einsteintoolkit.org/
Keyword:
Comments (12)
-
-
- removed comment
The wiki isn't supposed to be accessed via wiki.einsteintoolkit.org, but via https://docs.einsteintoolkit.org. Which page uses the first link? Even if the ssl certificate would work, that is not leading to the ET wiki.
As for www.einsteintoolkit.org - the same goes here, but it is a little more understandable that someone tries the 'www' version "out of the blue". I've opened a ticket to get a certificate.
-
reporter - removed comment
Replying to [comment:2 knarf]:
The wiki isn't supposed to be accessed via wiki.einsteintoolkit.org, but via https://docs.einsteintoolkit.org. Which page uses the first link? Even if the ssl certificate would work, that is not leading to the ET wiki. No page is using that link, I had typed it into the address bar directly in an attempt to remember the wiki page url. Having said that , would it be possible to make wiki.einsteintoolkit.org point to the actual wiki (or redirect there)? So that the ET wiki can be found at a URL with "wiki" in its name? The argument would be the same as for www.einsteintoolkit.org: it seems like a reasonable assumption on the part of a user to expect all sub-domains of einsteintoolkit.org to actually belong to the einstein toolkit and not a cct page (which is in theory a completely different entity from the ET).
As for www.einsteintoolkit.org - the same goes here, but it is a little more understandable that someone tries the 'www' version "out of the blue". I've opened a ticket to get a certificate. Thank you.
-
- removed comment
I should also ask for wiki.einsteintoolkit.org to be removed. Let me find out if that would cause issues.
-
reporter - removed comment
It's worse now. Even http://wiki.einsteintoolkit.org is now redirected to https://wiki.einsteintoolkit.org which uses a certificate which neither Firefox now Chromium will accept in my workstation.
Steve: would it be possible to talk to someone at LSU and either
a. have wiki.einsteintoolkit.org report a "not found" a. provide a ssl certificate for https://wiki.einsteintoolkit.org that browsers recognize (yes I understand that the certificate may well be signed by the LSU certificate authority which can be traced back to some root CA, but it seems at least some browsers do not trust this root CA) a. have wiki.einsteintoolkit.org point to docs.einsteintoolkit.org (both are LSU controlled so I see no problem with this)
-
- removed comment
According to sslshopper, https://www.sslshopper.com/ssl-checker.html#hostname=wiki.einsteintoolkit.org, all the correct intermediate certificates are installed, and the certificate should be recognised by all major web browsers. The root CA is not LSU; it is "InCommon RSA Server CA".
However, the problem is that the leaf certificate does not have a common name which matches the URL being used; the CN is wiki.cct.lsu.edu. This is probably why Firefox and Chromium don't accept it. ... Yes, on my laptop, Firefox says
wiki.einsteintoolkit.org uses an invalid security certificate. The certificate is only valid for wiki.cct.lsu.edu Error code: SSL_ERROR_BAD_CERT_DOMAIN
when you click "Advanced".
We have always used the URL "docs.einsteintoolkit.org" for our wiki (I have no idea why).
For simplicity at this point, I would probably just remove wiki.einsteintoolkit.org from DNS. It is currently a CNAME alias for wiki.cct.lsu.edu, which is a completely different server (currently 130.39.21.6, vs 130.39.21.43 for docs.einsteintoolkit.org). This is completely wrong.
A better solution would be to start using wiki.einsteintoolkit.org as the official name of our wiki (it contains more than just documentation), generate a certificate with names wiki.einsteintoolkit.org and docs.einsteintoolkit.org, and have docs repoint to wiki.
But the first option is much more likely to get implemented on a short timescale...
PS: Roland, you could also add a bookmark, since you seem unable to remember the URL ;)
-
reporter - removed comment
Oh, I can remember the URL, I just saw this ticket still open when looking for tickets that I had reported that were still open.
Yes, completely removing the DNS entry is also fine.
-
- removed comment
I'll get the DNS entry removed.
-
- removed comment
In case it wasn't clear, that last comment was by me.
-
- removed comment
ping
-
- changed status to resolved
- removed comment
The old URL is no longer active.
-
reporter - changed status to closed
- edited description
- Log in to comment
I get a similar error for https://www.einsteintoolkit.org (the certificate is valid for einsteintoolkit.org). www.einsteintoolkit.org should really work though (wiki.einsteintoolkit.org is incorrect but was intuitively what I would have expected).