[FFmpeg-devel] SSL certificate for ffmpeg.org website is not valid anymore

Reimar Döffinger Reimar.Doeffinger at gmx.de
Sun Jul 23 15:53:25 EEST 2017

On 23.07.2017, at 13:32, Michael Niedermayer <michael at niedermayer.cc> wrote:

> On Sun, Jul 23, 2017 at 09:35:12AM +0200, Reimar Döffinger wrote:
>> Btw the comodo certificate Michael mentioned is a domain-validation certificate for 7x the price of what startcom asked for a personal validation certificate (which almost nobody else even offers, just for organizations).
>> That's the CA system in a nutshell: highway robbery prices spiced with the laughable security track record you get for it.
> 7x makes me sad ...

Well, it's actually worse, I forgot we had 2 servers with different keys, so that would be 14x and not include a code signing key either...

> btw trac.ffmpeg.org, trac.mplayerhq.hu, patchwork.ffmpeg.org
> are on 2 additional seperate virtual boxes and seem to still use
> startcom

Right, I have not set up things on that one, don't even know if I have all access necessary. Should mostly be a matter of copying scripts, creating a CSR and setting up cron jobs.
If someone else wants to do it, I'm happy to give pointers, wouldn't hurt for someone else to have hands-on experience.

More information about the ffmpeg-devel mailing list