Re: www.spi-inc.org uses an invalid security certificate

From: TJ <spi-inc(at)iam(dot)tj>
To: spi-general(at)lists(dot)spi-inc(dot)org
Subject: Re: www.spi-inc.org uses an invalid security certificate
Date: 2014-02-27 23:46:32
Message-ID: 530FCE58.5020809@iam.tj
Lists: spi-general

On 27/02/14 23:32, Jimmy Kaplowitz wrote:
> On Thu, Feb 27, 2014 at 08:48:35PM +0000, TJ wrote:
>> If that is the intent then the URL I accessed should *not* be served over HTTPS at all.
> [...]
>> Not having heard of SPI previously I wanted to verify the organisation's
>> authenticity. Finding what seemed like an amateurish fault on the SPI host
>> certificate too, my willingness to trust the CA was greatly diminished.
>
> It's a valid point that the user experience might be clearer if both URLs were
> separated to be served from different IPs, or the certificate updated to
> include spi-inc.org & www.spi-inc.org and either HTTPS serving enabled or a
> redirect to HTTP installed. I'll make sure our sysadmins notice this thread.

Most sites and browsers support SNI in which case multiple IPs aren't required, although to
handle those user agents that don't support SNI it is usual to make the server's default site
be the primary HTTPS site for the organisation.

Instead of several additional ALT Subject Names just use the wildcard "*.spi-inc.org" in addition to a CN of "spi-inc.org".
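
An added example, not part of the message above or of SPI's configuration: a Python sketch of RFC 6125-style host name matching, showing why the wildcard "*.spi-inc.org" has to be accompanied by the bare "spi-inc.org" name. The function names, the name lists and the host a.b.spi-inc.org are constructed for illustration.

```python
def matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style comparison of one certificate DNS name with a host name.

    A '*' is honoured only as the complete leftmost label and stands for
    exactly one label, so it never matches the bare parent domain.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.org" style names are rejected.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(dns_names, hostname: str) -> bool:
    """True if any name presented by the certificate matches the host."""
    return any(matches(name, hostname) for name in dns_names)


def coverage(dns_names, hosts):
    """Map each host to whether the certificate's names cover it."""
    return {host: cert_covers(dns_names, host) for host in hosts}


# Constructed name lists. Clients that follow RFC 6125 check the
# subjectAltName dNSName entries and ignore the CN when any are present,
# so the bare domain is modelled here as one of the certificate's DNS names.
WILDCARD_ONLY = ["*.spi-inc.org"]
WILDCARD_PLUS_BARE = ["spi-inc.org", "*.spi-inc.org"]

# a.b.spi-inc.org is a constructed two-level host to show the one-label limit.
HOSTS = ["spi-inc.org", "www.spi-inc.org", "lists.spi-inc.org", "a.b.spi-inc.org"]

if __name__ == "__main__":
    for label, names in (("wildcard only", WILDCARD_ONLY),
                         ("wildcard + bare domain", WILDCARD_PLUS_BARE)):
        print(label)
        for host, ok in coverage(names, HOSTS).items():
            print(f"  {host:20} {'covered' if ok else 'NOT covered'}")
```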
