[Sorry for the long quote, but this all looks like relevant info and the thread has been dead a while...] At Mon, 14 Jun 2010 09:55:17 -0700, admin@thefireflyproject.us wrote:
I recently switched from Firefox to Chromium, and I've been having issues accessing [1]https://svn.boost.org. It seems that the SSL certificate used for [2]svn.boost.org is either not properly configured, or not issued by one of the major SSL certificate providers (e.g. VeriSign, GoDaddy). Examination of the certificate indicates that it's issued by the Computer Science Department of Indiana University, and the certificate doesn't have a chain that leads back to a well known CA (the chain is just '[3]svn.boost.org => [4]cs.indiana.edu', and most browsers I've tried don't recognize [5]cs.indiana.edu as a legitimate CA by default).
If this isn't just a matter of improper configuration (or, for that matter, just a matter of my browsers being screwy), I'd be happy to offer my own SSL certificate to Boost. The certificate is a standard SSL certificate issued by GoDaddy (domain controlled validation, certificate signing algorithm is RSA 2048 bits), and it's paid through 02/20/2011.
I'm currently using my cert for my Debian mirror, so I would have to revoke the current certificate, and then submit a CSR from [6]boost.org's server. Ideally, then I would generate a CSR request, and the boost server would sign it; I'd end up with a cert chain of 'mysite => [7]boost.org => GoDaddy'. [8]boost.org and subdomains would have a cert signed directly by GoDaddy, so the [9]svn.boost.org cert would be verify by most browsers automatically.
If there's any interest in this, please let me know.
- Bryce Lelbach
References
1. https://svn.boost.org/ 2. http://svn.boost.org/ 3. http://svn.boost.org/ 4. http://cs.indiana.edu/ 5. http://cs.indiana.edu/ 6. http://boost.org/ 7. http://boost.org/ 8. http://boost.org/ 9. http://svn.boost.org/
If we still don't have a valid cert, we should cert-ainly (sorry) consider taking Bryce up on his offer. Bryce, is this a wildcard cert? If not, how can it work for our subdomains? -- Dave Abrahams BoostPro Computing http://www.boostpro.com