Ompi: https://open-mpi.org SSL cert error

Created on 30 Jul 2016  路  8Comments  路  Source: open-mpi/ompi

Visiting https://open-mpi.org results in a SSL certificate error. Open MPI packages cannot be installed with homebrew on Mac.

Most helpful comment

Ok, we're good to go now on https://open-mpi.org. It's now actually a LetsEncrypt-powered-SSL that does an HTTP redirect to https://www.open-mpi.org (which is a CDN / not LetsEncrypt-powered-SSL).

Sorry for letting this ticket languish so long; we had completely forgotten about it.

All 8 comments

We just moved our web site to a new host, so we'll likely need to update certificates. Bear with us, please.

Thanks for the report.

There actually is no SSL web site any more. Indiana University used to host our web site, and they provided SSL certificates for free. Per http://www.open-mpi.org/community/lists/devel/2016/06/19139.php, we had to move to another hosting vendor (Host Gator), and we elected not to pay for SSL certificates.

The web site is available at http://www.open-mpi.org/

If the community decides to purchase SSL certificates, we can (re)upgrade to https, but at the moment, we don't have funding for that.

Meh. The point was just made on the users list that Google has oodles of https links for the web site (https://www.mail-archive.com/[email protected]/msg00029.html). We might have to pony up for SSL certificates. 馃槺

I'll look into it.

Hi all

The issues appeared again today. It looks like the traffic for the top-level domain ends up with jenkins.open-mpi.org

Cheers,
Stefan

curl -v https://open-mpi.org
*   Trying 52.43.49.19:443...
* TCP_NODELAY set
* Connected to open-mpi.org (52.43.49.19) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=jenkins.open-mpi.org
*  start date: Dec  1 02:07:00 2019 GMT
*  expire date: Feb 29 02:07:00 2020 GMT
*  subjectAltName does not match open-mpi.org
* SSL: no alternative certificate subject name matches target host name 'open-mpi.org'
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, close notify (256):
curl: (60) SSL: no alternative certificate subject name matches target host name 'open-mpi.org'
More details here: https://curl.haxx.se/docs/sslcerts.html

This ticket may have been open for quite a while, but only because it was forgotten. We moved through multiple SSL certificates since 2016.

The current iteration is that our web site is hosted on an EC2 instance -- it is one of several vhosts on that host. It's also complicated by the fact that www.open-mpi.org is served through a CDN, which makes letsencrypt... complicated, at best. AWS has a built-in certificate system that we use (signed and renewed automatically by their CA), and it plays nicely with the CDN. I'm guessing that what you're seeing today is a misconfigured vhost / certificate combination, or we have a misconfiguration in the CDN. We'll check.

After checking, I think I was slightly incorrect. I think we use LetsEncrypt for the non-CDN web sites.

Still checking on what's happening with plain open-mpi.org.

Ok, we're good to go now on https://open-mpi.org. It's now actually a LetsEncrypt-powered-SSL that does an HTTP redirect to https://www.open-mpi.org (which is a CDN / not LetsEncrypt-powered-SSL).

Sorry for letting this ticket languish so long; we had completely forgotten about it.

Thank you! :smiley:

Was this page helpful?
0 / 5 - 0 ratings

Related issues

ggouaillardet picture ggouaillardet  路  5Comments

ax3l picture ax3l  路  6Comments

amckinstry picture amckinstry  路  9Comments

pozdneev picture pozdneev  路  4Comments

ax3l picture ax3l  路  7Comments