Re: [boost] boost.org https certificate expired 4 month ago

14 Aug 2015

      On 08/14/2015 07:11 AM, Marcin Zalewski wrote:
...
On Fri, Aug 14, 2015 at 2:51 AM Vladimir Prus 
wrote:
...
On 12-Aug-15 12:38 AM, Niall Douglas wrote:
...
On 11 Aug 2015 at 1:36, Klaim - Joël Lamotte wrote:
...
...
I noticed today that the https of boost.org is expired, and should
have a
new certificate:
https://www.ssllabs.com/ssltest/analyze.html?d=boost.org
My understanding is that the process to renew the certificate was
started
few months ago but
got nowhere. Not totally sure why though.
The last status report from the steering committee is available there:
http://permalink.gmane.org/gmane.comp.lib.boost.steering/126
We have a new SSL cert, and have had for some months.
The problem is installing it. We no longer have root access to the
server in question and I understand the person who had root access
isn't responding to email.
It's unfortunate that the Steering Committee had not taken a decisive
action here - either reaching other people at OSL - or deciding
that we've lost webserver access completely, and need to start over.
As I said in my previous email, there was an exchange between our admin and
boost. The certificate was delivered to us, but it was incomplete, missing
the key. We asked for the key, but the email thread broke off, and we never
got the necessary files. If someone has all the necessary files, we can get
the key installed today. If nobody has the files and we should get the
certificate ourselves, we are open to that.
Hello -

I've been one of the 3rd parties with no control, access, or keys that 
has been trying to nudge all of the in-the-know parties to get something 
done (via personal emails). We finally got to the point where the admin 
was responding but then the keys that were purchased were not SHA-2.

We left off with the group that can purchase the SHA-2 wildcard cert 
needed the admin to provide the CSR to do so.

This is all mind numbingly frustrating. I appreciate the sentiment of 
finding new hosting and we (Ciere) have already done that for some Boost 
assets. It also requires a level access to the old system that we don't 
have. We are actively working on a transition.

Meanwhile ... I'll start emailing again  (o;

michael

-- 
Michael Caisse
ciere consulting
ciere.com