Michal Čihař - New SSL certificates

New SSL certificates

Today, I've replaced server SSL certificates with new ones issues by GlobalSign. These should not suffer of same trust problems as CACert one used so far (especially after CACert root certificate being removed from Debian).

While doing this, I had to use SNI on server to be able to decide which SSL certificate it should use. This should work for any decent browser, but I guess your scripts might have problems, but I hope this will be rare. Anyway if you will face some issues because of this, please let me know.

Other than that I've also tweaked SSL setup to follow current best practice, what could also cause troubles to some ancient clients, but I hope these are non existing in this case :-). See Qualys SSL report for more details.

Anyway thanks to GlobalSign free SSL certificates for open source projects you can use hosted Weblate without any SSL warnings.

PS: Similar change (just without SNI) has happened last week on phpMyAdmin web servers as well.


wrote on April 10, 2014, 3:18 a.m.

I'm looking at doing this for on open source project I'm part of, since we just moved to our own server recently, but I'm wondering: do you need to have a legal entity for the project organization to do this? I was approved, but I can't get past the first page in the order form, because it requires a legal organization. To make it even worse, I haven't been able to get in contact with the GlobalSign staff all day!

Does Weblate have a legal entity behind it, or how did you get around this?

wrote on April 10, 2014, 10:41 a.m.

I've used my personal address there. None of these information is part of the certificate, so I don't think it really matters.

wrote on April 10, 2014, 4:17 p.m.

Alright, thanks for the info!