You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@netbeans.apache.org by Emilian Bold <em...@apache.org> on 2016/11/28 15:10:12 UTC
netbeans.org SSL certificate
I wasn't even aware I've been visiting netbeans.org over SSL this whole
time.
Anyhow, I see the certificate expires next month.
I don't believe the website migration will be done in time, so perhaps
Oracle will be kind enough to renew the certificate and donate to ASF the
private keys when all is done?
This would be an extra resource to add here
https://cwiki.apache.org/confluence/display/NETBEANS/Apache+Transition
[image: Inline image 1]
--emi
Re: netbeans.org SSL certificate
Posted by Geertjan Wielenga <ge...@googlemail.com>.
Yes, please add that, will investigate.
Gj
On Mon, Nov 28, 2016 at 4:10 PM, Emilian Bold <em...@apache.org> wrote:
> I wasn't even aware I've been visiting netbeans.org over SSL this whole
> time.
>
> Anyhow, I see the certificate expires next month.
>
> I don't believe the website migration will be done in time, so perhaps
> Oracle will be kind enough to renew the certificate and donate to ASF the
> private keys when all is done?
>
> This would be an extra resource to add here https://cwiki.apache.org/
> confluence/display/NETBEANS/Apache+Transition
>
> [image: Inline image 1]
>
> --emi
>
Re: netbeans.org SSL certificate
Posted by Martin Balin <Ma...@Oracle.COM>.
Certificate renewal is in progress. It will be done by Oracle admins
Martin
On 1.12.2016 18:52, Mark Struberg wrote:
> You have to renew LE certificates every few months.
> And out of a security-paranoia aspect I guess we want to do this renewal manually.
> So I agree it's not really practical.
>
> Even after Oracle donates the nb.org domain I guess it will still remain active (just to prevent domain grabbing). I assume it will simply redirect to netbeans.apache.org. Or might even continue to serve as an enduser facing page. In any case we will continue to have a certificate.
>
> Now from the strictly practical point: Oracle still owns the domain. It was not yet handed over, right? And Oracle still has the sole control over the hosts. So I assume it will be the easiest if Oracle would renew the certificate for this time. We would not be able to install any new cert anyway.
>
> LieGrue,
> strub
>
>
>> Am 29.11.2016 um 17:54 schrieb Emilian Bold <em...@gmail.com>:
>>
>> When you mention sub-domains I assume you are thinking of *.apache.org.
>>
>> netbeans.org would be a separate domain where you could user Lets Encrypt
>> without issues.
>>
>>
>>
>> --emi
>>
>> On Mon, Nov 28, 2016 at 6:47 PM, Daniel Gruno <hu...@apache.org> wrote:
>>
>>> On 11/28/2016 05:43 PM, Emilian Bold wrote:
>>>> Yeah, with Let's Encrypt this is less of a hassle I assume.
>>>>
>>>> �n lun., 28 nov. 2016 la 18:32 Bertrand Delacretaz <
>>> bdelacretaz@apache.org>
>>>> a scris:
>>>>
>>>>> On Mon, Nov 28, 2016 at 4:10 PM, Emilian Bold <em...@apache.org> wrote:
>>>>>> ...perhaps Oracle will be kind enough to renew the certificate and
>>>>> donate to
>>>>>> ASF the private keys when all is done?...
>>>>> Daniel as our infra mentor will be able to confirm but I suppose we
>>>>> have all we need in house, probably using free certificates in which
>>>>> case that wouldn't be needed. but thanks for the suggestion - let's
>>>>> wait for Daniels' opinion.
>>> Not free, but we can produce certs for domains we own, yes.
>>> We don't use Lets Encrypt at the ASF, it's just not practical when you
>>> have a distributed setup with some 400+ sub-domains (LE does not support
>>> wildcard certs).
>>>
>>>>> -Bertrand
>>>>>
>>>
Re: netbeans.org SSL certificate
Posted by Mark Struberg <st...@yahoo.de.INVALID>.
You have to renew LE certificates every few months.
And out of a security-paranoia aspect I guess we want to do this renewal manually.
So I agree it's not really practical.
Even after Oracle donates the nb.org domain I guess it will still remain active (just to prevent domain grabbing). I assume it will simply redirect to netbeans.apache.org. Or might even continue to serve as an enduser facing page. In any case we will continue to have a certificate.
Now from the strictly practical point: Oracle still owns the domain. It was not yet handed over, right? And Oracle still has the sole control over the hosts. So I assume it will be the easiest if Oracle would renew the certificate for this time. We would not be able to install any new cert anyway.
LieGrue,
strub
> Am 29.11.2016 um 17:54 schrieb Emilian Bold <em...@gmail.com>:
>
> When you mention sub-domains I assume you are thinking of *.apache.org.
>
> netbeans.org would be a separate domain where you could user Lets Encrypt
> without issues.
>
>
>
> --emi
>
> On Mon, Nov 28, 2016 at 6:47 PM, Daniel Gruno <hu...@apache.org> wrote:
>
>> On 11/28/2016 05:43 PM, Emilian Bold wrote:
>>> Yeah, with Let's Encrypt this is less of a hassle I assume.
>>>
>>> În lun., 28 nov. 2016 la 18:32 Bertrand Delacretaz <
>> bdelacretaz@apache.org>
>>> a scris:
>>>
>>>> On Mon, Nov 28, 2016 at 4:10 PM, Emilian Bold <em...@apache.org> wrote:
>>>>> ...perhaps Oracle will be kind enough to renew the certificate and
>>>> donate to
>>>>> ASF the private keys when all is done?...
>>>>
>>>> Daniel as our infra mentor will be able to confirm but I suppose we
>>>> have all we need in house, probably using free certificates in which
>>>> case that wouldn't be needed. but thanks for the suggestion - let's
>>>> wait for Daniels' opinion.
>>
>> Not free, but we can produce certs for domains we own, yes.
>> We don't use Lets Encrypt at the ASF, it's just not practical when you
>> have a distributed setup with some 400+ sub-domains (LE does not support
>> wildcard certs).
>>
>>>>
>>>> -Bertrand
>>>>
>>>
>>
>>
Re: netbeans.org SSL certificate
Posted by Emilian Bold <em...@gmail.com>.
When you mention sub-domains I assume you are thinking of *.apache.org.
netbeans.org would be a separate domain where you could user Lets Encrypt
without issues.
--emi
On Mon, Nov 28, 2016 at 6:47 PM, Daniel Gruno <hu...@apache.org> wrote:
> On 11/28/2016 05:43 PM, Emilian Bold wrote:
> > Yeah, with Let's Encrypt this is less of a hassle I assume.
> >
> > În lun., 28 nov. 2016 la 18:32 Bertrand Delacretaz <
> bdelacretaz@apache.org>
> > a scris:
> >
> >> On Mon, Nov 28, 2016 at 4:10 PM, Emilian Bold <em...@apache.org> wrote:
> >>> ...perhaps Oracle will be kind enough to renew the certificate and
> >> donate to
> >>> ASF the private keys when all is done?...
> >>
> >> Daniel as our infra mentor will be able to confirm but I suppose we
> >> have all we need in house, probably using free certificates in which
> >> case that wouldn't be needed. but thanks for the suggestion - let's
> >> wait for Daniels' opinion.
>
> Not free, but we can produce certs for domains we own, yes.
> We don't use Lets Encrypt at the ASF, it's just not practical when you
> have a distributed setup with some 400+ sub-domains (LE does not support
> wildcard certs).
>
> >>
> >> -Bertrand
> >>
> >
>
>
Re: netbeans.org SSL certificate
Posted by Daniel Gruno <hu...@apache.org>.
On 11/28/2016 05:43 PM, Emilian Bold wrote:
> Yeah, with Let's Encrypt this is less of a hassle I assume.
>
> �n lun., 28 nov. 2016 la 18:32 Bertrand Delacretaz <bd...@apache.org>
> a scris:
>
>> On Mon, Nov 28, 2016 at 4:10 PM, Emilian Bold <em...@apache.org> wrote:
>>> ...perhaps Oracle will be kind enough to renew the certificate and
>> donate to
>>> ASF the private keys when all is done?...
>>
>> Daniel as our infra mentor will be able to confirm but I suppose we
>> have all we need in house, probably using free certificates in which
>> case that wouldn't be needed. but thanks for the suggestion - let's
>> wait for Daniels' opinion.
Not free, but we can produce certs for domains we own, yes.
We don't use Lets Encrypt at the ASF, it's just not practical when you
have a distributed setup with some 400+ sub-domains (LE does not support
wildcard certs).
>>
>> -Bertrand
>>
>
Re: netbeans.org SSL certificate
Posted by Emilian Bold <em...@apache.org>.
Yeah, with Let's Encrypt this is less of a hassle I assume.
În lun., 28 nov. 2016 la 18:32 Bertrand Delacretaz <bd...@apache.org>
a scris:
> On Mon, Nov 28, 2016 at 4:10 PM, Emilian Bold <em...@apache.org> wrote:
> > ...perhaps Oracle will be kind enough to renew the certificate and
> donate to
> > ASF the private keys when all is done?...
>
> Daniel as our infra mentor will be able to confirm but I suppose we
> have all we need in house, probably using free certificates in which
> case that wouldn't be needed. but thanks for the suggestion - let's
> wait for Daniels' opinion.
>
> -Bertrand
>
Re: netbeans.org SSL certificate
Posted by Bertrand Delacretaz <bd...@apache.org>.
On Mon, Nov 28, 2016 at 4:10 PM, Emilian Bold <em...@apache.org> wrote:
> ...perhaps Oracle will be kind enough to renew the certificate and donate to
> ASF the private keys when all is done?...
Daniel as our infra mentor will be able to confirm but I suppose we
have all we need in house, probably using free certificates in which
case that wouldn't be needed. but thanks for the suggestion - let's
wait for Daniels' opinion.
-Bertrand