[arch-dev-public] bbs.archlinux.org is now switched to https only!

Thomas Bächler thomas at archlinux.org
Fri Jul 16 05:09:15 EDT 2010

I just performed the switch to https only on bbs! I also adjusted some
internal URLs, so all files will be properly fetched via https directly.
http is redirected automatically. Note that the navbar links on Archweb
and all other sites still point to http, but that is redirected

There is a catch:
1) Apache configures SSL per-vhost. That means that even though we have
a wildcard certificate, the browser must support SNI for name-based
vhosts to work. All clients that are not SNI-capable will be redirected
to www instead.
2) wget doesn't like wildcard certificates. That means you need to use
--no-check-certificate with wget.
3) Our certificate is from CACert. AFAIK, this is not included in many
browsers by default. If you use Arch Linux, at least everything that
uses the OpenSSL certificate store and all Mozilla browsers are
CACert-enabled - on other operating systems, our certificate might show
up as untrusted.

Let me know if any of the above (especially 1) cause any problems.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-dev-public/attachments/20100716/31c5b29c/attachment.bin>

More information about the arch-dev-public mailing list