[Gluster-infra] certificates for www.gluster.org and download.gluster.org

Wed Sep 5 15:32:13 UTC 2018

Le mercredi 05 septembre 2018 à 15:26 +1000, Danil Mashonkin a écrit :
> Hi,
> 
> 
> There is an enquiry to clarify the situation with DigiCert vs Let's
> encrypt.

Hi Danil,

I did answer to you in private with the complete details and timeline
regarding why this did happen, but yes, we are using LE, so no need 
for download.gluster.org certificates.

> We have two certificates issued for download.gluster.org and looks
> like
> none of them in use.
> 
> +Order #
> <https://www.digicert.com/enterprise/certificate-manager.php?perpage=
> 25&sortby=order>Order
> Date
> <https://www.digicert.com/enterprise/certificate-manager.php?perpage=
> 25&sortby=date>Common
> Name
> <https://www.digicert.com/enterprise/certificate-manager.php?perpage=
> 25&sortby=domain>
> StatusValidity
> <https://www.digicert.com/enterprise/certificate-manager.php?perpage=
> 25&sortby=lifetime>
> Product
> <https://www.digicert.com/enterprise/certificate-manager.php?perpage=
> 25&sortby=product>
> Expires
> <https://www.digicert.com/enterprise/certificate-manager.php?perpage=
> 25&sortby=expires>
> + 00761150
> <https://www.digicert.com/enterprise/order-details.php?order_id=00761
> 150> 15
> Sep 2015 download.gluster.org Renewed 3 Years Standard SSL 19 Sep
> 2018
> + 03361764
> <https://www.digicert.com/enterprise/order-details.php?order_id=03361
> 764> 27
> Aug 2018 download.gluster.org Active 2 Years Standard SSL 16 Oct 2020
> $ echo -n|openssl s_client -showcerts -crlf -connect
> download.gluster.org:443 2>/dev/null|openssl x509 -text -noout
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number:
>             03:ce:c4:05:2a:a1:1f:3e:f9:cf:36:7f:39:04:a1:7a:17:6c
>     Signature Algorithm: sha256WithRSAEncryption
>         Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
>         Validity
>             Not Before: Aug  3 02:46:08 2018 GMT
>             Not After : Nov  1 02:46:08 2018 GMT
>         Subject: CN=download.gluster.org
> 
> and www.gluster.org reirect to gluster.wpengine.com
> 
> $ dig www.gluster.org
> 
> ;; ANSWER SECTION:
> www.gluster.org. 300 IN CNAME gluster.wpengine.com.
> gluster.wpengine.com. 120 IN A 35.197.52.145
> 
> And DigiCerts says:
> 
> Order #
> <https://www.digicert.com/enterprise/certificate-manager.php?perpage=
> 25&sortby=order>Order
> Date
> <https://www.digicert.com/enterprise/certificate-manager.php?perpage=
> 25&sortby=date>Common
> Name
> <https://www.digicert.com/enterprise/certificate-manager.php?perpage=
> 25&sortby=domain>
> StatusValidity
> <https://www.digicert.com/enterprise/certificate-manager.php?perpage=
> 25&sortby=lifetime>
> Product
> <https://www.digicert.com/enterprise/certificate-manager.php?perpage=
> 25&sortby=product>
> Expires
> <https://www.digicert.com/enterprise/certificate-manager.php?perpage=
> 25&sortby=expires>
> + 00761149
> <https://www.digicert.com/enterprise/order-details.php?order_id=00761
> 149> 15
> Sep 2015 www.gluster.org Renewed 3 Years Multi-Domain SSL 19 Sep 2018
> + 03361710
> <https://www.digicert.com/enterprise/order-details.php?order_id=03361
> 710> 27
> Aug 2018 www.gluster.org Active 2 Years Multi-Domain SSL 16 Oct 2020
> So, question is do we really need to keep these DigiCert certificates
> if
> they are not in use?
> 
> Thank you.
> _______________________________________________
> Gluster-infra mailing list
> Gluster-infra at gluster.org
> https://lists.gluster.org/mailman/listinfo/gluster-infra
-- 
Michael Scherer
Sysadmin, Community Infrastructure and Platform, OSAS

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.gluster.org/pipermail/gluster-infra/attachments/20180905/5aab6582/attachment.sig>