
Bug#772560: debsources: please add a CA-signed SSL setup



Package: qa.debian.org
Severity: normal
User: qa.debian.org@packages.debian.org
Usertags: debsources

Please add an SSL certificate signed by the CAs so that users visiting
the site over SSL don't get warnings from their browsers. There are 3
CAs offering gratis certs, GlobalSign's offer seems the best for now:

https://www.globalsign.com/ssl/ssl-open-source/

You will need to adjust the following instructions depending on
requirements from GlobalSign but a basic rundown:

Create a private key and .csr (cert signing request) on the server:

openssl req -new -newkey rsa:2048 -days 365 -nodes -keyout sources.debian.net.key -out sources.debian.net.csr -subj '/O=Debian/OU=QA/CN=sources.debian.net/emailAddress=debian-qa@lists.debian.org'

Save the .key to this path on the server, chmod 600: 

/etc/ssl/private/sources.debian.net.key

Upload the .csr to the GlobalSign website and save the .crt file here:

/etc/ssl/debian/certs/sources.debian.net.crt

There will also be a CA issuer chain involved, save that here:

/etc/ssl/debian/certs/sources.debian.net.crt-chain

If you would like to have the same level of SSL setup as debian.org
hosts, you can install libapache2-mod-macro and drop the two config
files below into your apache2 setup, then use the macros like this:

Use common-debian-service-https-redirect * sources.debian.net
<VirtualHost *:443>
  ServerName sources.debian.net
  Use common-debian-service-ssl sources.debian.net
  Use common-ssl-HSTS
</VirtualHost>

https://anonscm.debian.org/cgit/mirror/dsa-puppet.git/tree/modules/apache2/files/puppet-config
https://anonscm.debian.org/cgit/mirror/dsa-puppet.git/tree/modules/apache2/files/puppet-ssl-macros

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
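
A check for the result of the steps above once the three files are in place, as an added example that is not part of the original message: it confirms the key's mode, that the certificate was issued for that key and hostname, and that it verifies against the chain file. The function name check_tls_install is hypothetical, and the chain file is assumed to reach a root either on its own or together with the system trust store.

```shell
#!/bin/sh
# Added example, not from the bug report. check_tls_install is a hypothetical
# helper name. Needs OpenSSL 1.0.2+ (-checkhost) and GNU stat.
# Usage: check_tls_install KEY CRT CHAIN HOSTNAME   (returns 0 if all pass)
# e.g.   check_tls_install /etc/ssl/private/sources.debian.net.key \
#            /etc/ssl/debian/certs/sources.debian.net.crt \
#            /etc/ssl/debian/certs/sources.debian.net.crt-chain sources.debian.net
check_tls_install() {
    key=$1; crt=$2; chain=$3; host=$4
    rc=0

    # 1. The private key must be readable by its owner only (chmod 600).
    mode=$(stat -c '%a' "$key" 2>/dev/null) || mode=unknown
    if [ "$mode" != "600" ]; then
        echo "FAIL: $key has mode $mode, expected 600" >&2; rc=1
    fi

    # 2. The issued certificate must carry this key's public half, i.e. it
    #    was issued for the .csr generated from this .key and not another.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || crt_pub=
    if [ -z "$key_pub" ] || [ "$key_pub" != "$crt_pub" ]; then
        echo "FAIL: $crt does not match $key" >&2; rc=1
    fi

    # 3. The certificate must verify against the issuer chain file
    #    (assumption: the file, plus the system store, reaches a root).
    if ! openssl verify -CAfile "$chain" "$crt" 2>/dev/null | grep -q ': OK$'; then
        echo "FAIL: $crt does not verify against $chain" >&2; rc=1
    fi

    # 4. The certificate must be valid for the name browsers will request.
    if ! openssl x509 -in "$crt" -noout -checkhost "$host" 2>/dev/null \
            | grep -q 'does match'; then
        echo "FAIL: $crt is not valid for $host" >&2; rc=1
    fi

    # 5. The certificate must not already be expired.
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $crt has expired" >&2; rc=1
    fi
    return $rc
}
```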
