Am 21.02.2014 21:34, schrieb Walter Bright:
> dlang.org and dconf.org now support https,
>
> https://dlang.org
> https://dconf.org
>
> Note that this is a self-signed certificate, and so when you first
> access it you'll get a dire warning from your browser.

When the certificate discussion is settled, it would be good to also get code.dlang.org set up for HTTPS, because it processes log in and registration requests containing passwords.

Nick Sabalausky, el 22 de February a las 01:43 me escribiste:
> >>No, you can use any subdomain, you can't use wildcards, but you can get as many subdomains as you want. To use several subdomains in one server, your server must support SNI[1], but any modern webserver should support it.
> >>
> >>[1] https://en.wikipedia.org/wiki/Server_Name_Indication
> >
> >I've tried to get a subdomain cert from them, but their system complained that I already had a cert from them for the same domain.

I don't know what to say, but I'm in fact using two different
certificates for two different subdomains and both are verified by
StartSSL for free, you can check it out:
openssl s_client -servername fotos.llucax.com.ar -connect luca.homenet.org:443
openssl s_client -servername cloud.llucax.com.ar -connect luca.homenet.org:443

> SNI *is* necessary, of course, to host multiple SSL-certs on the same server (regardless of whetheer they're separate subdomains or suparate regular domains), but I already have my server doing that (one cert for each of two different domains).

No, for subdomains is not strictly necessary, you can get a wildcard certificate that covers *.example.com. That kind of certificate work for any subdomain (the same certificate). But that kind of certificate is not free in StartSSL (I think because the verification process is more expensive).

-- 
Leandro Lucarella (AKA luca)                     http://llucax.com.ar/
----------------------------------------------------------------------
In 1995 a Japanese trawler sank, because a Russian
cargo plane dropped a living cow from 30,000 feet

On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote:
> dlang.org and dconf.org now support https,
>
> https://dlang.org
> https://dconf.org
>
> Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.

Captcha in the forum to avoid spam do not work when using HTTPS

On Friday, 21 February 2014 at 21:44:19 UTC, Dicebot wrote:
> Any certificate is tied to domain or masked domain. Covering both *.digitalmars.com and *.dlang.org with same certificate is impossible.

Doesn't google use single certificate for all its domains (multiple masks)?

On Friday, 21 February 2014 at 23:10:12 UTC, Jan Knepper wrote:
> Neither have I...
> I know there is www.cacert.org but as far as I know their certs are still not integrated in the browser SSL store.

Last I checked cacert used their root key for automated signing, which is sort of scary, and their roadmap to migrate to proper CA hierarchy was long. No wonder they got no acceptance.

On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote:
> dlang.org and dconf.org now support https,
>
> https://dlang.org
> https://dconf.org
>
> Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.

hyphenator is linked through http, so the page is reported as partially encrypted. It will probably chase us in nightmares.