[net-dns-users] SSL cert on www.net-dns.org
Willem Toorop
Willem at NLnetLabs.nl
Sun Jan 13 22:07:29 UTC 2013
Op 13-01-13 20:51, Doug Barton schreef:
> I use Ubuntu for my desktop. With Firefox (which doesn't have the cacert
> root) it gives a warning. With Chromium it doesn't give a warning, but
> the page renders differently using https:// than when you don't.
Indeed. The style-sheet links all had http:// urls in them. Chromium
doesn't like non https in a https page. I replaced them by path
references which seems to do the job. You might need to do a
shift-reload to flush the cache
> Check out the URL below for more info.
>
> https://sslcheck.globalsign.com/en_GB/sslcheck?host=www.net-dns.org#213.154.224.135
Very educational, thanks! I have addressed some issues (not the CA),
though for the majority apache has to be upgraded to 2.3+ which is still
not yet available in FreeBSD ports :(
>> Also TLSA records confirming the certificate are present in the
>> net-dns.org zone (which is itself dnssec signed):
>
> Awesome, and irrelevant for 99.999% of Internet users. :)
Ha, but maybe only 99.99% for the DNS aware Net::DNS audience :)
-- Willem
More information about the net-dns-users
mailing list