Posted to docs@httpd.apache.org by Geoffrey Noakes <Ge...@symantec.com> on 2011/09/02 18:53:18 UTC

VeriSign documentation choosing between SAN/Wildcard certs in the Apache HTTPD environment (resend)

HTTPD group, Don and I are with Symantec's Trust Services group - which is probably better known to the Apache community as VeriSign SSL (which includes GeoTrust and Thawte).  We have been working with Bill Rowe on this.

We have uploaded 3+ screens of content about choosing between SAN and Wildcard certs to http://wiki.apache.org/httpd/ScratchPad.  We have more content, primarily in the form of tables, and we didn't know how to include that in the Wiki.  This is *not* meant to be a product recommendation piece, instead it is an education paper.

What we would like to do is to work with Apache's HTTP Community to complete this work.  We are specifically asking for anyone who is particularly experienced with SSL to comment on it or offer edits.

Please advise us on how best to move forward and start a dialog about incorporating this scratchpad draft into the Apache documentation.

Thanks...

Geoff

Geoffrey W. Noakes
Director, Business Development
Symantec Corporation
geoffrey_noakes@symantec.com
+1-415-370-5980




[discuss] http://wiki.apache.org/httpd/UnderstandingMultiUseSSLCertificates

Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
The current wiki page does need some edits to bring the terms and
language in line with Apache/mod_ssl/OpenSSL conventions.  Although
multi-use has a broader meaning, several of these would be examples
of multi-host certificates.  We want this to be legible to someone
who is nominally familiar with the virtualhost section of the how
to guide in the documentation.

Another observation, the doc should mention SNI if we don't already
discuss it in general.  We can keep it succinct for now since clients
have not yet widely adopted it, and many administrators will avoid
it for the time being.

It should also point out the browser quirks in *.foo.com between
different clients, e.g. those which allow website.en.foo.com and
those which don't (where * can't map to >1 segment).

Finally, should we use example.com rather than a real domain name
intersection, here?

[OT: There is no 'discuss' page on our wiki.  Should we implement
that if our wiki supports it, or does that all belong here?]

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
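
The wildcard quirk raised in the message above (whether `*.foo.com` covers `website.en.foo.com`) comes down to which matching policy a client applies. The sketch below is an added example, not part of the thread or taken from any client's code; the function names, the two policies as modelled, and the sample name lists are assumptions made for illustration.

```python
# Added illustration: two wildcard-matching policies for certificate DNS names.
# All names and sample data here are constructed for this example.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, and split into labels."""
    return name.lower().rstrip(".").split(".")

def match_single_label(pattern, host):
    """'*' as the whole leftmost label matches exactly one label (RFC 6125 style)."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h

def match_multi_label(pattern, host):
    """Lenient policy: '*' may absorb one or more leftmost labels."""
    p, h = _labels(pattern), _labels(host)
    if "" in h:
        return False
    if p[0] != "*":
        return p == h
    suffix = p[1:]
    return len(h) > len(suffix) and h[-len(suffix):] == suffix

def compare(cert_names, host):
    """Return (strict, lenient) verdicts for host against a cert's DNS names."""
    strict = any(match_single_label(n, host) for n in cert_names)
    lenient = any(match_multi_label(n, host) for n in cert_names)
    return strict, lenient

def disagreements(cert_names, hosts):
    """Hosts that validate under one policy but not the other."""
    return [h for h in hosts if len(set(compare(cert_names, h))) == 2]

# Constructed inputs: one wildcard certificate, one SAN (multi-host) certificate.
WILDCARD_CERT = ["*.foo.com"]
SAN_CERT = ["foo.com", "www.foo.com", "website.en.foo.com"]
HOSTS = ["www.foo.com", "website.en.foo.com", "foo.com", "foo.com.example.net"]

if __name__ == "__main__":
    for cert in (WILDCARD_CERT, SAN_CERT):
        for host in HOSTS:
            print(cert, host, compare(cert, host))
    print("client-dependent:", disagreements(WILDCARD_CERT, HOSTS))
```

Hosts returned by `disagreements` are the ones whose validation depends on the client; listing them explicitly as SAN entries removes the ambiguity.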


Re: VeriSign documentation choosing between SAN/Wildcard certs in the Apache HTTPD environment (resend)

Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
On 11/16/2011 10:17 PM, Geoffrey Noakes wrote:
> I AM ASKING FOR HELP FROM SOMEONE AT APACHE.  Our original offer and ask of Apache was this:
>
> What we would like to do is to work with 1 or 2 HTTPD contributors to finish it off.  We
> are looking for people who are well-known and recognized contributors to the HTTPD
> community, and preferably someone who is knowledgeable about SSL and cert
> administration/licensing, and has familiarity with cloud and virtualized environments.
> This is *not* meant to be a product recommendation piece, instead it is an education paper.

Hi Geoff,

I'm sorry your crew has become a bit frustrated.  The timing of your
offer is very interesting, we have unfortunately been pounding through
the complexity of a major new release, 2.4.0, that's consumed almost
everyone's attention to detail.  New/interesting/non-release-specific
things have gotten the short shrift.

> Rich, the URL is at http://wiki.apache.org/httpd/UnderstandingMultiUseSSLCertificates.  We
> posted that info on September 2.  We are not particularly skilled in Wiki-styled editing,
> and we couldn’t figure out how to upload all our content.  I’ve attached the Word document
> that contains our content.

I think everyone keeps being confused by the "3 screens" comment, for
which we were looking around for three different documents, in three
different places.  Thanks for reposting the origin document.

> Nick wrote earlier:
>
> So you're looking for review?  You might (or might not) find more takers for that on the
> dev list, or even the users list.  Or if it's visible on the wiki, add a request for
> review at the top and see who bites.
>
> … How do we do that?

It is visible on the wiki.  A short note "this is what we've authored,
please read and provide any feedback if you find it valuable, or items
you found to be confusing".

That feedback would help the docs team to determine if it would be a
good addition [I believe it would].

> Incorporating it into the Apache documentation is not necessarily the best goal.
>
> Since we have the web, we can incorporate it by reference if it exists elsewhere and looks
> sufficiently relevant/useful.

It is nice that the SSL section of the httpd documentation is one of
the most thorough and well thought out sections.  If it can be further
expanded with content directly relevant to 80% of users, by all means
we should probably do that.

> … Our original thinking was to contribute content to Apache, and let Apache edit and
> publish it.  We thought that if it came from VeriSign (now Symantec) that it would be
> perceived as a product pitch as opposed to an educational piece.  If the Apache community
> would be better off with a link to a document authored by us (and posted on a symantec.com
> page) we’ll do that.
>
> How do I get this done?

We can do both or either.  We just had this discussion with respect
to Rich's publications.  Our challenge, as a neutral collaboration
space, is to provide equal access to offer links to quality resources.
We haven't even figured out the way to do this with respect to our
own PMC member's publications, such as Nick's API book or Rich's regex
guide.  But I believe we want to do this.

Sometimes it's just a matter of a gentle poke at the right moment as
folks come off of busy projects before they are again entangled in
busy projects.  Everyone is just home from ApacheCon (who attended)
and are probably just collecting their wits again.



RE: VeriSign documentation choosing between SAN/Wildcard certs in the Apache HTTPD environment (resend)

Posted by Geoffrey Noakes <Ge...@symantec.com>.
I AM ASKING FOR HELP FROM SOMEONE AT APACHE.  Our original offer and ask of Apache was this:

What we would like to do is to work with 1 or 2 HTTPD contributors to finish it off.  We are looking for people who are well-known and recognized contributors to the HTTPD community, and preferably someone who is knowledgeable about SSL and cert administration/licensing, and has familiarity with cloud and virtualized environments. This is *not* meant to be a product recommendation piece, instead it is an education paper.

Rich, the URL is at http://wiki.apache.org/httpd/UnderstandingMultiUseSSLCertificates.  We posted that info on September 2.  We are not particularly skilled in Wiki-styled editing, and we couldn't figure out how to upload all our content.  I've attached the Word document that contains our content.

Nick wrote earlier:


So you're looking for review?  You might (or might not) find more takers for that on the dev list, or even the users list.  Or if it's visible on the wiki, add a request for review at the top and see who bites.



... How do we do that?



Incorporating it into the Apache documentation is not necessarily the best goal.

Since we have the web, we can incorporate it by reference if it exists elsewhere and looks sufficiently relevant/useful.



... Our original thinking was to contribute content to Apache, and let Apache edit and publish it.  We thought that if it came from VeriSign (now Symantec) that it would be perceived as a product pitch as opposed to an educational piece.  If the Apache community would be better off with a link to a document authored by us (and posted on a symantec.com page) we'll do that.

How do I get this done?

I AM ASKING FOR HELP FROM SOMEONE AT APACHE.

Thanks...

Geoff

From: Rich Bowen [mailto:rbowen@rcbowen.com]
Sent: Wednesday, November 16, 2011 6:09 AM
To: docs@httpd.apache.org
Cc: Igor Galić; Donald Baker; William Rowe (wrowe@apache.org)
Subject: Re: VeriSign documentation choosing between SAN/Wildcard certs in the Apache HTTPD environment (resend)


On Nov 15, 2011, at 6:47 PM, Geoffrey Noakes wrote:


Bill and Igor, we've not heard anything since when we uploaded this content to the Apache Wiki.

We think we are playing by Apache's rules, but we've not moved toward our end goal: having this documentation on the Apache site.

Can we schedule a time to talk this through?  What days/times work for you?


Can you point us to where this is on the Wiki? I don't remember seeing it come across the docs list.

--
Rich Bowen
rbowen@rcbowen.com :: @rbowen
rbowen@apache.org






Re: VeriSign documentation choosing between SAN/Wildcard certs in the Apache HTTPD environment (resend)

Posted by Rich Bowen <rb...@rcbowen.com>.
On Nov 15, 2011, at 6:47 PM, Geoffrey Noakes wrote:

> Bill and Igor, we've not heard anything since when we uploaded this content to the Apache Wiki.  
> 
> We think we are playing by Apache's rules, but we've not moved toward our end goal: having this documentation on the Apache site.
> 
> Can we schedule a time to talk this through?  What days/times work for you?


Can you point us to where this is on the Wiki? I don't remember seeing it come across the docs list.

--
Rich Bowen
rbowen@rcbowen.com :: @rbowen
rbowen@apache.org







RE: VeriSign documentation choosing between SAN/Wildcard certs in the Apache HTTPD environment (resend)

Posted by Geoffrey Noakes <Ge...@symantec.com>.
Bill and Igor, we've not heard anything since when we uploaded this content to the Apache Wiki.  

We think we are playing by Apache's rules, but we've not moved toward our end goal: having this documentation on the Apache site.

Can we schedule a time to talk this through?  What days/times work for you?

Thanks...

Geoff


-----Original Message-----
From: Igor Galić [mailto:i.galic@brainsware.org] 
Sent: Friday, September 09, 2011 1:46 PM
To: docs@httpd.apache.org
Cc: Donald Baker; William Rowe (wrowe@apache.org); Geoffrey Noakes
Subject: Re: VeriSign documentation choosing between SAN/Wildcard certs in the Apache HTTPD environment (resend)



----- Original Message -----
> On 9/2/2011 11:53 AM, Geoffrey Noakes wrote:
> > 

Hi folks,

> > We have uploaded 3+ screens of content about choosing between SAN
> > and Wildcard certs to
> > http://wiki.apache.org/httpd/ScratchPad.  We have more content,

Fixed that page up so it can be read --
but didn't have cycles to do so yet

I'll report when I have.

> > primarily in the form of
> > tables, and we didn't know how to include that in the Wiki.
> 
> Geoff, the tabular data can be formatted with
> 
> || col1 || col2 ||
> 
> see http://wiki.apache.org/httpd/HelpOnMoinWikiSyntax#Tables

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
GPG: 571B 8B8A FC97 266D BDA3  EF6F 43AD 80A4 5779 3257

Re: VeriSign documentation choosing between SAN/Wildcard certs in the Apache HTTPD environment (resend)

Posted by Igor Galić <i....@brainsware.org>.

----- Original Message -----
> On 9/2/2011 11:53 AM, Geoffrey Noakes wrote:
> > 

Hi folks,

> > We have uploaded 3+ screens of content about choosing between SAN
> > and Wildcard certs to
> > http://wiki.apache.org/httpd/ScratchPad.  We have more content,

Fixed that page up so it can be read --
but didn't have cycles to do so yet

I'll report when I have.

> > primarily in the form of
> > tables, and we didn't know how to include that in the Wiki.
> 
> Geoff, the tabular data can be formatted with
> 
> || col1 || col2 ||
> 
> see http://wiki.apache.org/httpd/HelpOnMoinWikiSyntax#Tables

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
GPG: 571B 8B8A FC97 266D BDA3  EF6F 43AD 80A4 5779 3257



Re: VeriSign documentation choosing between SAN/Wildcard certs in the Apache HTTPD environment (resend)

Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
On 9/2/2011 11:53 AM, Geoffrey Noakes wrote:
> 
> We have uploaded 3+ screens of content about choosing between SAN and Wildcard certs to
> http://wiki.apache.org/httpd/ScratchPad.  We have more content, primarily in the form of
> tables, and we didn't know how to include that in the Wiki.

Geoff, the tabular data can be formatted with

|| col1 || col2 ||

see http://wiki.apache.org/httpd/HelpOnMoinWikiSyntax#Tables







Re: VeriSign documentation choosing between SAN/Wildcard certs in the Apache HTTPD environment (resend)

Posted by Nick Kew <ni...@apache.org>.
On 2 Sep 2011, at 17:53, Geoffrey Noakes wrote:

[prompted by your post today to look at this]

> We have uploaded 3+ screens of content about choosing between SAN and Wildcard certs to http://wiki.apache.org/httpd/ScratchPad.  We have more content, primarily in the form of tables, and we didn't know how to include that in the Wiki.  This is *not* meant to be a product recommendation piece, instead it is an education paper.

URL?  The closest I can see to that is an existing page:
http://wiki.apache.org/httpd/UnderstandingMultiUseSSLCertificates
 
> What we would like to do is to work with Apache’s HTTP Community to complete this work.  We are specifically asking for anyone who is particularly experienced with SSL to comment on it or offer edits.

So you're looking for review?  You might (or might not) find more takers for that
on the dev list, or even the users list.  Or if it's visible on the wiki, add a request
for review at the top and see who bites.

> Please advise us on how best to move forward and start a dialog about incorporating this scratchpad draft into the Apache documentation.

Not having seen the contents in question ...

Incorporating it into the Apache documentation is not necessarily the best goal.
Since we have the web, we can incorporate it by reference if it exists elsewhere
and looks sufficiently relevant/useful.

-- 
Nick Kew