https access broken #37
Comments
|
AFAIK HTTPS access hasn't be set up at all, so I wouldn't consider this a bug (but an enhancement). But let's tag @abburgess here as an opportunity to push/learn about the plans for HTTPS access. |
|
The reason this is critical is that the entire web is moving to secure protocols for web browsing, as http access is increasingly insecure and un-private. For example see https://www.theverge.com/2018/2/8/16991254/chrome-not-secure-marked-http-encryption-ssl, which indicates any http site will be marked as not secure with a banner in Google Chrome starting in July 2018.
|
|
All Symantec PKIs are affected (e.g., digicert, geotrust, rapidssl,thawte, verisign, equifax); see https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html |
|
@lewismc Did you move this to some other tracker? |
|
AFAICT, this also affects SWEET. I'm not sure what this entails, specifically, as it is unclear at present if it's a host/provider issue or can be toggled via DNS (or both)? Could this be a bullet point at the next COR meeting? :) |
|
@brandonnodnarb I think it is a matter of getting a certificate and install it for |
|
I think I will need to get some support from ESIP so I can make appropriate changes in the AWS environment, but not 100% sure of that. I haven't pursued getting a better role on the AWS environment (my current role/authority is very limited) because they were so swamped for the summer meeting, but it's on my list. |
|
If you go for LE, see https://dev.to/greenteabiscuit/using-let-s-encrypt-on-aws-ec2-instance-2aca |
I can't access COR on https://cor.esipfed.org, connection is refused.
The text was updated successfully, but these errors were encountered: