jasig SSL & Domain issues

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

jasig SSL & Domain issues

Eric Dalquist
A few things that would be good to get fixed up:

For WCW:
  1. https://www.ja-sig.org fails with an invalid SSL record error, we don't have a valid cert for that domain but I think we should just setup the *.jasig.org cert for the https://www.ja-sig.org and https://ja-sig.org vhosts so you can at least get through the browser warnings to a redirect
  2. ja-sig.org and www.ja-sig.org (both over http and https) should redirect to http://www.jasig.org. Right now www.ja-sig.org serves the Jasig website content which is a detriment to our search engine rankings and our analytics data.
  3. Force http://www.jasig.org/user to redirect to https://www.jasig.org/user so that passwords are sent over https
    1. If possible have the login session cookie set to be secure only so that it is only presented over https to prevent firesheep style session stealing attacks

For Infra Team:
  1. Remove the *.ja-sig.org and *.jasig.org DNS records. These currently point to WCW but they result in bizarre URLs like http://foobar.jasig.org redirects to http://www.foobar.jasig.org


Any additional thoughts/objections on this list?

-Eric

smime.p7s (9K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: jasig SSL & Domain issues

Jim Helwig-2
Those look like good suggestions to me.  Chuck would have to do the first three. Who would take care of the fourth one?

on 10/20/2011 10:21 AM Eric Dalquist said the following:
A few things that would be good to get fixed up:

For WCW:
  1. https://www.ja-sig.org fails with an invalid SSL record error, we don't have a valid cert for that domain but I think we should just setup the *.jasig.org cert for the https://www.ja-sig.org and https://ja-sig.org vhosts so you can at least get through the browser warnings to a redirect
  2. ja-sig.org and www.ja-sig.org (both over http and https) should redirect to http://www.jasig.org. Right now www.ja-sig.org serves the Jasig website content which is a detriment to our search engine rankings and our analytics data.
  3. Force http://www.jasig.org/user to redirect to https://www.jasig.org/user so that passwords are sent over https
    1. If possible have the login session cookie set to be secure only so that it is only presented over https to prevent firesheep style session stealing attacks

For Infra Team:
  1. Remove the *.ja-sig.org and *.jasig.org DNS records. These currently point to WCW but they result in bizarre URLs like http://foobar.jasig.org redirects to http://www.foobar.jasig.org


Any additional thoughts/objections on this list?

-Eric
-- 
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/jasig-webpresence
Reply | Threaded
Open this post in threaded view
|

Re: jasig SSL & Domain issues

Eric Dalquist
I can take care of the infra team step,

Also I just noticed that a bunch of redirects from old URLs are no longer setup correctly

http://www.ja-sig.org/wiki/
http://www.jasig.org/wiki/
http://www.ja-sig.org/issues/
http://www.jasig.org/issues/
http://www.ja-sig.org/svn/
http://www.jasig.org/svn/

Those should be going to the following with 301 redirects
https://wiki.jasig.org
https://issues.jasig.org
https://source.jasig.org

There are still a lot of links out there to the old URLs and we need to maintain these redirects on the WCW site.

-Eric

On 10/21/11 7:42 AM, Jim Helwig wrote:
Those look like good suggestions to me.  Chuck would have to do the first three. Who would take care of the fourth one?

on 10/20/2011 10:21 AM Eric Dalquist said the following:
A few things that would be good to get fixed up:

For WCW:
  1. https://www.ja-sig.org fails with an invalid SSL record error, we don't have a valid cert for that domain but I think we should just setup the *.jasig.org cert for the https://www.ja-sig.org and https://ja-sig.org vhosts so you can at least get through the browser warnings to a redirect
  2. ja-sig.org and www.ja-sig.org (both over http and https) should redirect to http://www.jasig.org. Right now www.ja-sig.org serves the Jasig website content which is a detriment to our search engine rankings and our analytics data.
  3. Force http://www.jasig.org/user to redirect to https://www.jasig.org/user so that passwords are sent over https
    1. If possible have the login session cookie set to be secure only so that it is only presented over https to prevent firesheep style session stealing attacks

For Infra Team:
  1. Remove the *.ja-sig.org and *.jasig.org DNS records. These currently point to WCW but they result in bizarre URLs like http://foobar.jasig.org redirects to http://www.foobar.jasig.org


Any additional thoughts/objections on this list?

-Eric
-- 
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/jasig-webpresence

smime.p7s (9K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: jasig SSL & Domain issues

Jim Helwig-2
Would another one be http://www.ja-sig.org/downloads/, which I presume would redirect to http://downloads.jasig.org/?

on 10/24/2011 2:41 PM Eric Dalquist said the following:

> I can take care of the infra team step,
>
> Also I just noticed that a bunch of redirects from old URLs are no longer setup correctly
>
> http://www.ja-sig.org/wiki/
> http://www.jasig.org/wiki/
> http://www.ja-sig.org/issues/
> http://www.jasig.org/issues/
> http://www.ja-sig.org/svn/
> http://www.jasig.org/svn/
>
> Those should be going to the following with 301 redirects
> https://wiki.jasig.org
> https://issues.jasig.org
> https://source.jasig.org
>
> There are still a lot of links out there to the old URLs and we need to maintain these redirects on the WCW site.
>
> -Eric
>
> On 10/21/11 7:42 AM, Jim Helwig wrote:
>> Those look like good suggestions to me. Chuck would have to do the first three. Who would take care of the fourth one?
>>
>> on 10/20/2011 10:21 AM Eric Dalquist said the following:
>>> A few things that would be good to get fixed up:
>>>
>>> *For WCW:*
>>>
>>>  1. https://www.ja-sig.org fails with an invalid SSL record error, we don't have a valid cert for that domain but I think we should just setup the *.jasig.org cert for the https://www.ja-sig.org and https://ja-sig.org vhosts so you can at least get through the browser warnings to a redirect
>>>  2. ja-sig.org and www.ja-sig.org (both over http and https) should redirect to http://www.jasig.org. Right now www.ja-sig.org serves the Jasig website content which is a detriment to our search engine rankings and our analytics data.
>>>  3. Force http://www.jasig.org/user to redirect to https://www.jasig.org/user so that passwords are sent over https
>>>      1. If possible have the login session cookie set to be secure only so that it is only presented over https to prevent firesheep style session stealing attacks
>>>
>>>
>>> *For Infra Team:*
>>>
>>>  1. Remove the *.ja-sig.org and *.jasig.org DNS records. These currently point to WCW but they result in bizarre URLs like http://foobar.jasig.org redirects to http://www.foobar.jasig.org
>>>
>>>
>>>
>>> Any additional thoughts/objections on this list?
>>>
>>> -Eric
>> --
>> You are currently subscribed [hidden email]  as:[hidden email]
>> To unsubscribe, change settings or access archives, seehttp://www.ja-sig.org/wiki/display/JSG/jasig-webpresence

--
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/jasig-webpresence