[Kolab-devel] http without s access to issues.kolab.org (bugzilla)
Jeroen van Meeuwen (Kolab Systems)
vanmeeuwen at kolabsys.com
Fri Dec 2 13:14:56 CET 2011
On 2011-12-02 11:33, Bernhard Reiter wrote:
> Hi,
> it seems that issues.kolab.org always switches to https when
> requested as
> http. I know a couple of organisations where https is only allowed
> if the certificate is fully authorized by the firewall.
> The current setting excludes people from looking at issues and
> participating
> in our iniative.
>
> There are several possible solutions:
> a) allow http
At least pretending to be, but perhaps just being a security-concious
individual, I'm inclined to refuse allowing plain-text logins, for all
the obvious reasons, despite the apparent overall consensus plain-text
logins and privacy sensitive data transfer can be allowed by default
[1,2,3,...].
[1] http://git.kolab.org/server/tree/imapd/imapd.conf?h=2.3-stable#n16
[2]
http://git.kolab.org/server/tree/kolabd/kolabd/templates/imapd.conf.template?h=2.3-stable#n25
[3]
http://git.kolab.org/server/tree/kolab-webclient/horde/configuration/horde-3.3.11/10-kolab_conf_base.php?h=2.3-stable#n61
> b) pay the common-ca-in-browsers tax with a good ca.
>
> Half a solution would be to use Intevation's tiny CA, where we can
> tell
> organisations at least to import one proper root ca.
>
The wildcard certificate that was given to us by Thomas Arendsen Hein
is actually a *.kolab.org wildcard certificate signed by Intevation
GmbH's CA.
If you look closer at the certificate used, I'm sure you will find the
same I've found; please see attached.
If you do not agree with my findings, and find something entirely
different, please make me aware of the actual issue so that I can
address and resolve it.
Kind regards,
Jeroen van Meeuwen
--
Senior Engineer, Kolab Systems AG
e: vanmeeuwen at kolabsys.com
t: +44 144 340 9500
m: +44 74 2516 3817
w: http://www.kolabsys.com
pgp: 9342 BF08
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screenshot-Certificate Viewer:"*.kolab.org".png
Type: image/png
Size: 44033 bytes
Desc: not available
URL: <http://lists.kolab.org/pipermail/devel/attachments/20111202/18bd8c4f/attachment.png>
More information about the devel
mailing list