Tim Landscheidt wrote: We don't actively use CAcert anymore since we can afford certs which don't toss confusing messages at visitors. :) This is an old link from when we stuck our tech doc wiki on my personal site for a while; you'll see there's a nicer cert at the permanent URL: https://wikitech.wikimedia.org/ Wikimedia DE folks run this... Who can poke it? -- brion

Brion Vibber <brion(a)wikimedia.org> wrote: Hmmm, the latter now shows a self-signed certificate again? Tim

On 8/12/09 3:49 PM, Tim Landscheidt wrote: Yeah, but it's got the right URL at least! ;) -- brion

Hi! how is that an issue? Domas

Hi! I know what happens when self-signed certificate is used. Why the heck is that an issue with wikitech.wikimedia.org wiki? And then what? I for one use HTTP to access that wiki, feel free to hijack my account, and, um, vandalize. You won't need to do MITM for that, actually, will save you some effort. I thought there're more important issues out there ;-) Domas

"Tim Landscheidt" <tim(a)tim-landscheidt.de> wrote in message news:m3skfsna0i.fsf@passepartout.tim-landscheidt.de... Firefox, for example, gives a very scary notice if you visit that address. I for one would not trust anything for which such a scary notice was generated, even if I trust the owners of the site (as I do here). The message indicates that the site may have been compromised, and that is too much of a risk to take these days. IE gives a less scary message, but it still very firmly informs you: "close this webpage and do not continue to this website". Again, not a message I would ignore. Seriously, unless you are intentionally trying to scare people away from the site, then this should be fixed. - Mark Clements (HappyDog)

On 8/24/09 3:04 PM, Aryeh Gregor wrote: Pretty much, yeah. :) We put "real" certs on public-facing sites, but just haven't bothered with what is essentially our tech department intranet. (But since we're crazy people it's open if you want to look at it!) -- brion

On 8/24/09 3:38 PM, Lane, Ryan wrote: Safer, but less convenient as it would take us a few extra minutes to set up which we might as well spend on buying an $8 public-friendly cert. ;) -- brion

Tim Landscheidt wrote: Can I chip in a few more bucks to get the old MD5-hashed certs (like the one for bugzilla.wikimedia.org) replaced? They may technically still be safe (if just barely), but at least the "SSL Blacklist" Firefox extension throws up a big scary warning about them and it's annoying to have to click through it. -- Ilmari Karonen