Bug #2942
Server certificate for sanparks uses DataONE root CA
100%
Description
Visit https://dataknp.sanparks.org/sanparks/d1/mn and view the certificate.
The server certificate chain is DataONE Root -> DataONE Production CA -> dataknp.sanparks.org
Not sure if this was intentional or not, but it does mean the server will not be trusted by any clients that have not installed the DataONE root CA.
History
#1 Updated by Ben Leinfelder over 12 years ago
- Assignee changed from Ben Leinfelder to Matthew Jones
Passing this off to Matt - not sure what the intent was.
#2 Updated by Matthew Jones over 12 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
SANParks had been using self-signed certificates for their Metacat server over the past several years. They have indicated that they are not concerned with the security warning, and at least in the past it had been difficult to get reasonably priced certificates in South Africa, plus the administrative hurdles in the government to get approval for a certificate were extensive (maybe all of that has changed). So, they used a self-signed cert, as most users of the site were researchers associated with SANParks, and they routinely have this issue with their sites. We switched to using a DataONE signed certificate, as that is slightly more verifiable by a human than the self-signed cert they had been using before, but still has the issue of warnings. So basically, this is a slight improvement over the previous situation. So, unless there is a serious problem with this, I will simply close this ticket as system functioning as designed. Please reopen the ticket with a proposed solution if you feel it should be different. And note that PISCO has made the same decision to use a DataONE signed certificate.