On Sun, Jan 22, 2017 at 04:19:43PM +0100, Stefan Weil wrote:
On 03/02/15 23:12, Stefan Hajnoczi wrote:
On Sat, Feb 28, 2015 at 04:29:44PM +0100, Stefan Weil wrote:
* It does not support secure access (https), so each login is insecure.
Can we get a free server certificate?
This is on my todo list. I'm travelling right now but will work on it
over the coming weeks.
There are some gotchas:
1. qemu.org vs qemu-project.org. Unless we get a SNI certificate, the
certificate will only be valid for one or the other. Users will get
an untrusted certificate message if they go to the other domain name.
2. We use subdomains, so a wildcard certificate is necessary. That's
not always offered for free so I need to compare the certificate
vendors.
Stefan
Although this discussion thread is rather old, its subject
still applies.
In the meantime there are free certificates available.
We could add https support with a certificate from
https://letsencrypt.org/. As long as there is only a
small number of host names (*), I'd simply add them all
to the primary certificate. In addition, SNI certificates
for the different names can be installed.
Good idea, Jeff and I have discussed Let's Encrypt and have experience
setting it up.
I can help with the installation if that is needed.
Stefan
(*)
qemu.org
qemu.osuosl.org
qemu-project.org
wiki.qemu.org
wiki.qemu-project.org
www.qemu.org
www.qemu-project.org
Are there more host names used?
git.qemu.org
git.qemu-project.org