Trisquel SSL certificate needs renewal

Project:Web
Component:Main
Category:bug report
Priority:critical
Assigned:david
Status:closed
Description

When visiting https://trisquel.info/ I got the error "This Connection is Untrusted". The certificate appeared to expired on 20/03/13 23:59 UTC, a few hours ago.

I've marked this as critical because:
- DuckDuckGo, the default Trisquel search engine, automatically links to the HTTPS site.
- HTTPS Everywhere is a popular Mozilla extension that automatically uses the HTTPS site.
- Many users appear to use it (I see https://trisquel.info links on forums and the tracker a lot)

Thu, 03/21/2013 - 07:56

Yes it would appear that the Pidgin instant messenger is reading the Jabber certificate as invalid too. I wonder if it expired and just needs to be replaced? Hope it's not too serious.

Thu, 03/21/2013 - 11:30
Assigned to:anonymous» david
Status:active» patch (needs work)

Hi!

The problem with the certificate is just that it expired; we forgot to realize that the provider of the previous certificate stopped their service in this regard last year, so the usual renovation warning emails were not sent.

In any case, we'll have to switch providers. I'm trying the service of other provider and have just set a new certificate for the web page and the jabber server. We'll probably be changing some settings for everything to work properly, so don't panic, but please by all means report any unexpected behaviour.

Thanks for your help!

Thu, 03/21/2013 - 13:49

silly little cosmetic wrinkle, "trisquel.info run by (unknown)"

AttachmentSize
Screenshot at 2013-03-21 14:45:23.png 7.16 KB
Thu, 03/21/2013 - 22:22

Thanks for taking care of that david. :-)

Fri, 03/22/2013 - 00:29

About the "run by unknown" stuff, it seems it cannot be changed with the certificate provider I've tried, at least not with a Class 1 certificate. I'll be looking at some other options in any case.

I changed the SSL setup of the Jabber server so the new certificate should be auto-accepted, by the way; feel free to update with any observed issue.

Fri, 03/22/2013 - 12:56
Status:patch (needs work)» fixed

I hadn't actually configured the certificate chain properly, which led to issue https://trisquel.info/en/issues/7932

I've now reviewed all configuration and run some tests and I think it's pretty much ok. About the "Run by (Unknown)" stuff, I checked for a bit and even acquiring another type of certificate that allows for proper identification, it seems it would still show that string on Firefox. Check Google for verification. I mean, like https://google.com , I didn't mean for you to search in Google or... :D

Still please update this issue if you find any problem with the set-up.

Fri, 03/22/2013 - 14:32

>About the "Run by (Unknown)" stuff, I checked for a bit and even acquiring another type of certificate that allows for proper identification, it seems it would still show that string on Firefox. Check Google for verification. I mean, like https://google.com , I didn't mean for you to search in Google or... :D

Ah, you're right. I should've done that first. Weird.

Fri, 04/05/2013 - 14:35
Status:fixed» closed

Automatically closed -- issue fixed for 2 weeks with no activity.