[jasig-webpresence] jasig SSL & Domain issues

[Eric Dalquist]

A few things that would be good to get fixed up:

For WCW:

1. https://www.ja-sig.org fails with an invalid SSL record error, we don't have a valid cert for that domain but I think we should just setup the *.jasig.org cert for the https://www.ja-sig.org and https://ja-sig.org vhosts so you can at least get through the browser warnings to a redirect
2. ja-sig.org and www.ja-sig.org (both over http and https) should redirect to http://www.jasig.org. Right now www.ja-sig.org serves the Jasig website content which is a detriment to our search engine rankings and our analytics data.
3. Force http://www.jasig.org/user to redirect to https://www.jasig.org/user so that passwords are sent over https
1. If possible have the login session cookie set to be secure only so that it is only presented over https to prevent firesheep style session stealing attacks
   

For Infra Team:

1. Remove the *.ja-sig.org and *.jasig.org DNS records. These currently point to WCW but they result in bizarre URLs like http://foobar.jasig.org redirects to http://www.foobar.jasig.org
   

Any additional thoughts/objections on this list?

-Eric

[Jim Helwig]

Those look like good suggestions to me.  Chuck would have to do the first three. Who would take care of the fourth one?

on 10/20/2011 10:21 AM Eric Dalquist said the following:

-- 
You are currently subscribed to jasig-we...@lists.ja-sig.org as: jasig-webpresenc...@googlegroups.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/jasig-webpresence

[Eric Dalquist]

I can take care of the infra team step,

Also I just noticed that a bunch of redirects from old URLs are no longer setup correctly

http://www.ja-sig.org/wiki/
http://www.jasig.org/wiki/
http://www.ja-sig.org/issues/
http://www.jasig.org/issues/
http://www.ja-sig.org/svn/
http://www.jasig.org/svn/

Those should be going to the following with 301 redirects
https://wiki.jasig.org
https://issues.jasig.org
https://source.jasig.org

There are still a lot of links out there to the old URLs and we need to maintain these redirects on the WCW site.

-Eric

-- 
You are currently subscribed to jasig-we...@lists.ja-sig.org as: eric.d...@doit.wisc.edu

[Jim Helwig]

Would another one be http://www.ja-sig.org/downloads/, which I presume would redirect to http://downloads.jasig.org/?

on 10/24/2011 2:41 PM Eric Dalquist said the following:

> I can take care of the infra team step,
>
> Also I just noticed that a bunch of redirects from old URLs are no longer setup correctly
>
> http://www.ja-sig.org/wiki/
> http://www.jasig.org/wiki/
> http://www.ja-sig.org/issues/
> http://www.jasig.org/issues/
> http://www.ja-sig.org/svn/
> http://www.jasig.org/svn/
>
> Those should be going to the following with 301 redirects
> https://wiki.jasig.org
> https://issues.jasig.org
> https://source.jasig.org
>
> There are still a lot of links out there to the old URLs and we need to maintain these redirects on the WCW site.
>
> -Eric
>
> On 10/21/11 7:42 AM, Jim Helwig wrote:
>> Those look like good suggestions to me. Chuck would have to do the first three. Who would take care of the fourth one?
>>
>> on 10/20/2011 10:21 AM Eric Dalquist said the following:
>>> A few things that would be good to get fixed up:
>>>

>>> *For WCW:*
>>>
>>> 1. https://www.ja-sig.org fails with an invalid SSL record error, we don't have a valid cert for that domain but I think we should just setup the *.jasig.org cert for the https://www.ja-sig.org and https://ja-sig.org vhosts so you can at least get through the browser warnings to a redirect
>>> 2. ja-sig.org and www.ja-sig.org (both over http and https) should redirect to http://www.jasig.org. Right now www.ja-sig.org serves the Jasig website content which is a detriment to our search engine rankings and our analytics data.
>>> 3. Force http://www.jasig.org/user to redirect to https://www.jasig.org/user so that passwords are sent over https
>>> 1. If possible have the login session cookie set to be secure only so that it is only presented over https to prevent firesheep style session stealing attacks
>>>
>>>
>>> *For Infra Team:*
>>>
>>> 1. Remove the *.ja-sig.org and *.jasig.org DNS records. These currently point to WCW but they result in bizarre URLs like http://foobar.jasig.org redirects to http://www.foobar.jasig.org

>>>
>>>
>>>
>>> Any additional thoughts/objections on this list?
>>>
>>> -Eric
>> --

>> You are currently subscribed tojasig-w...@lists.ja-sig.org as:eric.d...@doit.wisc.edu

>> To unsubscribe, change settings or access archives, seehttp://www.ja-sig.org/wiki/display/JSG/jasig-webpresence

--
You are currently subscribed to jasig-we...@lists.ja-sig.org as: jasig-webpresenc...@googlegroups.com