mediatools.cs.ucl.ac.uk over SSL with unmatched self-signed certificate

[piers]

(Derek Piper, <dcpiper@…> wrote the following to the ag-tech list (post  archived here), and to the sumover-tech list in response to our release announcement, see thread  archived here)

Hi Piers,

Can I ask why the site is over SSL? The self-signed certificate for your site does not match the URL so it seems strange as to why you would only allow connections over SSL but not have it configured correctly?

Derek

--
Derek Piper - dcpiper@… - (812) 856 0111
IRI 323, School of Informatics
Indiana University, Bloomington, Indiana

[socrates]

Hi Derek,

Thanks for comments.

Good point - We thought SSL would provide a measure of protection against remote commit password compromise. Also we figured it may help somewhat against wiki-spam.

The cert is basically correct as mediatools is a CNAME for frostie.cs.ucl.ac.uk. However you're right we should create an appropriate cert for the this hostname so as save confusion. Also I have to admit I added the alias at the last minute - I thought it clearer as the nature of the site. We will fix it in May.

Thanks,

Piers.

[piers]

It turns out that it is fundamental problem in Apache when using mod_ssl - NameBasedVirtualHosting? (NBVH) isn't possible with SSL for the reasons explained below:  http://www.mail-archive.com/modssl-users@modssl.org/msg07872.html  http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47

I have made the site accessible over http - with https access only necessary when logging into Trac.