[Twisted-Python] twistedmatrix.com TLS certificate

Glyph Lefkowitz glyph at twistedmatrix.com
Mon Mar 6 20:19:22 MST 2017


> On Mar 6, 2017, at 12:16 AM, Cory Benfield <cory at lukasa.co.uk> wrote:
> 
> 
>> On 6 Mar 2017, at 07:22, Tristan Seligmann <mithrandi at mithrandi.net <mailto:mithrandi at mithrandi.net>> wrote:
>> 
>> twistedmatrix.com <http://twistedmatrix.com/>'s current certificate is issued by StartCom Certification Authority; for certificates issued by this CA prior to 2016-09-21, the domain must be on a Chrome whitelist for it to be accepted. As of Chrome 58.0.3026.3 (canary/dev channel only, currently, but eventually this will presumably be in a release version) twistedmatrix.com <http://twistedmatrix.com/> is no longer[1] on the whitelist, which means that twistedmatrix.com <http://twistedmatrix.com/> will issue a certificate error. Can we switch to another CA? (Let's Encrypt, for example; I hear somebody wrote a Twisted library for using that)
>> 
>> I'm sending this to the general list in case anyone else has been scratching their head about why they're getting cert warnings.
> 
> This is an extremely good idea.

Yes please.

This is the rare ops task that will actually be quite easy for someone to add in to Braid as a PR: https://github.com/twisted-infra/braid <https://github.com/twisted-infra/braid>

If you have a look at https://github.com/twisted-infra/braid/blob/master/services/t-web/twisted-web/ports <https://github.com/twisted-infra/braid/blob/master/services/t-web/twisted-web/ports> you might be able to guess how such a thing would go...

-glyph

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/twisted-python/attachments/20170306/70f095dd/attachment-0002.html>


More information about the Twisted-Python mailing list