Or CAcert, which appears to use a web-of-trust approach to provide free SSL certificates. I have no experience with them, I only noticed that the Blender Foundation uses them for their SVN repository.
Their root certificate is not known to the major browsers, so things aren’t any easier for the end user, but it’s a bit better than a self-signed certificate from a security point of view.
Foundry Portal now available with Secure HTTP
Moderators: OpenUru.org Moderators, Bugtracker Resource Managers
-
Christian Walther
- Member
- Posts: 317
- Joined: Sat Dec 13, 2008 10:54 am
Re: Foundry Portal now available with Secure HTTP
To be honest, my main reason to enable HTTPS was to avoid having authentication data pass in the clear, which might have been of concern to users. I wasn't thinking there would be interest in identity confirmation.
If the latter is an item of concern to the community, we can of course work toward obtaining a certificate from known trust chains. It all comes down to if it's important (and if there's a perception perhaps that having the secure channel implies something we aren't trying to represent, ending with a missed expectation from users).
_R
If the latter is an item of concern to the community, we can of course work toward obtaining a certificate from known trust chains. It all comes down to if it's important (and if there's a perception perhaps that having the secure channel implies something we aren't trying to represent, ending with a missed expectation from users).
_R
One of the OpenUru toolsmiths... a bookbinder.
-
Dachannien
- Member
- Posts: 16
- Joined: Wed Dec 17, 2008 12:23 am
Re: Foundry Portal now available with Secure HTTP
The main issue is probably just the big ugly warning boxes in web browsers, as well as Mercurial's unceremonious exit in the presence of a self-signed cert. Both can be worked around, but some minor "getting started" documentation to this effect is probably merited.
Re: Foundry Portal now available with Secure HTTP
There is an instruction sheet on the wiki covering the certificate installation in most browsers and TortoiseHg (http://wiki.openuru.org/index.php?title ... stallation), and that note is linked from the "Development" menu button and a couple of other pages that refer to the Foundry. If that instruction isn't doing the job for you, let me know what's wrong with it, and I'll see what I can do to improve things.
Mac_Fife
OpenUru.org wiki wrangler
OpenUru.org wiki wrangler
-
Dachannien
- Member
- Posts: 16
- Joined: Wed Dec 17, 2008 12:23 am
Re: Foundry Portal now available with Secure HTTP
I guess the only thing I'd suggest is including it in the "how to get it" steps list on the CyanWorlds.com Engine wiki page, since it is a required step. As it is now, it can be easily missed by someone skimming the instructions. 
(Also, the "how to get it" steps are out of date since they still talk about waiting for account approval.)
(Also, the "how to get it" steps are out of date since they still talk about waiting for account approval.)Re: Foundry Portal now available with Secure HTTP
OK thanks. I've amended the "How to Get it" section of the wiki page now. There'll probably be a few things that will go out of date on a regular basis here as things progress and develop, so any comments like that are welcome. Or help yourself to making an edit if you see it needed!
Mac_Fife
OpenUru.org wiki wrangler
OpenUru.org wiki wrangler