New SSL and HTTPS certificates for many ISG D-PHYS services
In the past all HTTPS secured web sites hosted or provided by us used certificates issued by ourselves. This caused unsettling warnings in most browsers as the user had to manually add the root certificate of our certification authority (CA) to his web browser.
To allow SSL certificates other than those signed by ourselves, namely certificates automatically accepted by all browsers, but also community-backed CACert certificates issued by ETH ID, we will change the configuration of our web server zwoelfi this evening. This may cause some short interruptions to some of the hosted sites, but should not be of longer duration.
Some of these web sites will get already new SSL certificates issued by QuoVadis (accepted by nearly all browsers by default) this evening.
Update Friday, 1. Oct. 2010, 21:00h: Due to several unexpected issues with the new QuoVadis certificate, for now the webserver runs again with the old ISG signed SSL certificate on all virtual hosts.
Update Thursday, 7. Oct. 2010, 23:00h: Most of the issues with the new QuoVadis certificate are solved now and all virtual hosts planned for the QuoVadis SSL certificate use it now again.
Other sites hosted on our web server zwoelfi will get CACert certificates in the near future, too. Most web browsers on our managed workstations already include the CACert root certificates. When deploying CACert certificates on our web server, all browsers on our managed workstations should accept these certificates. If not, please inform us.
In the case that you want to import the CACert root certificate into a browser on your own machine or we forgot to import it globally in a browser on our managed workstations, you can find a detailed article about how to import the CACert root certificates into your web browser in the CACert Wiki.
Tags: cacert, certificates, downtime, HTTPS, maintenance, SSL, web