[OPEN-ILS-GENERAL] SSL cert discussion for demo servers; why, how, who, how much, etc.

Jason Etheridge jason at esilibrary.com
Fri Dec 2 15:50:53 EST 2011


This was discussed briefly during today's community meeting on IRC:
http://evergreen-ils.org/dokuwiki/doku.php?id=community:meetings:2011-12-02

The problem is that we're not providing valid certs for the demo
servers offered currently, and this potentially scares away people
trying out Evergreen and may make us look unprofessional.

http://evergreen-ils.org/dokuwiki/doku.php?id=community_servers

Perhaps the easiest thing to do is to just document and warn folks of
the behavior and how to get around it.  This initially got some
support during the meeting, but while this is straightforward for the
staff client, it may be less so for the OPAC and the plethora of web
browsers out there, and could still scare folks off, especially if
they skim the instructions.

A wild-card certificate could allow us to point similar hostnames to
multiple servers (e.g. rel_2_1_1.demo.evergreen-ils.org,
rel_2_0_11.demo.evergreen-ils.org).  Dan Scott mentioned that the
Oversight Board would probably be amenable to approving an expenditure
for a cert, given good holiday donations. :)

http://evergreen-ils.org/sfc.php

My opinion is that use of a common cert and hostname scheme should be
optional for the servers listed on the demo list page (I like the
cosmopolitan/community feel of many servers with different hostnames,
and some folks may want to advertise themselves via their hostnames),
but I think it's a good idea for us to have some "official" servers
using such a scheme, with volunteers hosting and/or maintaining the
actual servers.

Thoughts, comments, ways forward?

-- 
Jason Etheridge
 | Equinox Software, Inc. / Your Library's Guide to Open Source
 | phone:  1-877-OPEN-ILS (673-6457)
 | email:  jason at esilibrary.com
 | web:  http://www.esilibrary.com


More information about the Open-ils-general mailing list