In Memoriam: Tai'lahr

OpenUru.org, along with the rest of the Mystonline community, is mourning the loss of Tai'lahr on October 16th, 2019.

Rest in Peace, friend.

Difference between revisions of "Foundry Certificate Installation"

From OpenUru
Jump to navigation Jump to search
(→‎Browser Installation: Added IE instruction)
(Foundry now uses a LetsEncrypt certificate)
 
(12 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{draft}}
+
{{Outdated|reason=Foundry now uses a LetsEncrypt certificate}}
The OpenUru Foundry tools use SSL (Secure Sockets Layer) to encrypt transactions and to give confidence that you are connected to the correct server. Currently, this is a "self-signed" certificate and not one that has been validated by the main certificate authorities, so most browsers will display a warning when you navigate to one of the Foundry pages.
 
  
You can avoid these warnings by installing the certificate in your browser's certificate store. This can be done when you first visit the foundry, but the methods vary greatly accross browsers. It is perhaps easier to manually install the certificate before visting the Foundry. The certificate will also need to installed in repository tools (Mercurial or Subversion) using SSL to access the Foundry repositories.
+
<br>
 +
'''Notice:  This document is outdated.  The Foundry now uses a LetsEncrypt certificate'''
 +
 
 +
The OpenUru.org Foundry tools such as JIRA bugtracking use SSL (Secure Sockets Layer) to encrypt transactions and to give confidence that you are connected to the correct server. Currently, this is a "self-signed" certificate and not one that has been validated by the main certificate authorities, so most browsers will display a warning when you navigate to one of the Foundry pages.
 +
 
 +
You can avoid these warnings by installing the certificate in your browser's certificate store. This can be done when you first visit the foundry, but the methods vary greatly across browsers. It is perhaps easier to manually install the certificate before visting the Foundry. The certificate will also need to be installed in repository tools (Mercurial or Subversion) if you intend using SSL to access the Foundry repositories.
 +
 
 +
The instructions given here relate to the Windows versions of the applications.
  
 
== Obtaining the Certificate ==
 
== Obtaining the Certificate ==
Line 12: Line 18:
 
== Browser Installation ==
 
== Browser Installation ==
  
Please read the instructions so you know what to do '''before''' clicking on the link to the certificate, or right click the link and open it in a new tab or window.
+
Please read the instructions so you know what to do '''before''' clicking on the link to the certificate, or right click the link and open it in a new tab or window.  
  
 
=== Firefox ===
 
=== Firefox ===
Line 24: Line 30:
 
Click on the following link: [http://foundry.openuru.org/assets/Foundry/foundry.crt Foundry Certificate]
 
Click on the following link: [http://foundry.openuru.org/assets/Foundry/foundry.crt Foundry Certificate]
 
A popup will appear titled "File Download - Security Warning". Click "Open" and the certificate details will be displayed in a new popup wher you can inspect them. On the "General" tab, click "Install Certificate...". When the Certificate Import Wizard appears click "Next>", then on the Certificate Store page select "Automatically select the certificate store based on the type of certificate" and click "Next>" and then "Finish". Another popup will appear titled "Security Warning" and asking "Do you want to install this certificate?" - Click "Yes". You should get a message telling you that the import was successful. Click "OK" on any remaining dialog boxes. The certificate is now installed, and when visiting the Foundry you should see the padlock symbol to the right of the URL bar with a blue background.
 
A popup will appear titled "File Download - Security Warning". Click "Open" and the certificate details will be displayed in a new popup wher you can inspect them. On the "General" tab, click "Install Certificate...". When the Certificate Import Wizard appears click "Next>", then on the Certificate Store page select "Automatically select the certificate store based on the type of certificate" and click "Next>" and then "Finish". Another popup will appear titled "Security Warning" and asking "Do you want to install this certificate?" - Click "Yes". You should get a message telling you that the import was successful. Click "OK" on any remaining dialog boxes. The certificate is now installed, and when visiting the Foundry you should see the padlock symbol to the right of the URL bar with a blue background.
 +
 +
'''Note:''' If you install the certificate using Internet Explorer as described above, then you should find that the certificate will automatically be trusted by Safari and Chrome browsers on the same machine, since both of these use the Windows Internet Settings.
  
 
=== Google Chrome ===
 
=== Google Chrome ===
 +
Chrome (under Microsoft Windows) uses the same certificate store as Internet Explorer, so the process is very similar: Click on the following link: [http://foundry.openuru.org/assets/Foundry/foundry.crt Foundry Certificate]
 +
The "Downloads" popup will appear along with another window asking if you want to open or save the file "foundry.crt". Click "Open" and a new popup will appear titled "File Download - Security Warning". Click "Open" and the certificate details will be displayed in a new popup wher you can inspect them. On the "General" tab, click "Install Certificate...". When the Certificate Import Wizard appears click "Next>", then on the Certificate Store page select "Automatically select the certificate store based on the type of certificate" and click "Next>" and then "Finish". Another popup will appear titled "Security Warning" and asking "Do you want to install this certificate?" - Click "Yes". You should get a message telling you that the import was successful. Click "OK" on any remaining dialog boxes. The certificate is now installed, and when visiting the Foundry the padlock symbol on the left of the URL bar should turn green.  However, you may need to restart your browser before the certificate is recognized.
  
 
=== Apple Safari ===
 
=== Apple Safari ===
 +
On Microsoft Windows, Safari uses the same certificate store as Internet Explorer, so the process is very similar: Click on the following link: [http://foundry.openuru.org/assets/Foundry/foundry.crt Foundry Certificate]
 +
The "Downloads" popup will appear along with another window asking if you want to open or save the file "foundry.crt". Click "Open" and a new popup will appear titled "File Download - Security Warning". Click "Open" and the certificate details will be displayed in a new popup wher you can inspect them. On the "General" tab, click "Install Certificate...". When the Certificate Import Wizard appears click "Next>", then on the Certificate Store page select "Automatically select the certificate store based on the type of certificate" and click "Next>" and then "Finish". Another popup will appear titled "Security Warning" and asking "Do you want to install this certificate?" - Click "Yes". You should get a message telling you that the import was successful. Click "OK" on any remaining dialog boxes. The certificate is now installed, and when visiting the Foundry you should see the padlock symbol to the right of the URL bar.
  
 
=== Opera ===
 
=== Opera ===
 +
Using the Opera browser to access an SSL page on the Foundry will cause the browser to raise a "Security Issue" popup box.  The text in this box says ''The server's certificate chain is incomplete, and the signer(s) are not registered.  Accept?''  You can examine the description of the certificate with the "Security" tab on this popup.  If you are satisfied with the information and wish to use the certificate, click the ''Approve'' button, and the certificate will be stored in Opera's trusted certificate list, and you will be able to browse secured pages from the Foundry.
 +
 +
If you wish to manually install the certificate in Opera, click on the certificate link: [http://foundry.openuru.org/assets/Foundry/foundry.crt Foundry Certificate].  A "Install Certificate" popup window will appear, showing the certificate from '''foundry.openuru.org'''  You can click the "View" button to display information about the certificate.  You can then click the "Install" button to install the certificate or "Cancel" to ignore the certificate and not change Opera's certificate list.
  
 
== Repository Installation ==
 
== Repository Installation ==
  
 
=== TortoiseHg 2.0.x (Mercurial) ===
 
=== TortoiseHg 2.0.x (Mercurial) ===
Open the TortoiseHg Workbench, and open the ''ProjectName'' repository at https://foundry.openuru.org/hg/ProjectName. You will probably see an error message at the bottom of the window indicating that the command was aborted - ignore this. In the middle section, under "Remote Repository", there is a drop-down to select the protocol (keep it "https"), and then click on the padlock icon. A popup titled "Security: foundry.openuru.org" will appear. Select "Verify with stored host fingerprint (good)", then click the "Query" button to obtain the certificate signature from foundry.openuru.org. This will fill in the field with the fingerprint data which should match the example given below. Fill in your User Authentication information (only Username and Password are required and are the same as your JIRA account details) and click "Save". Now your pull/push operations should succeed. You can verify the command has succeeded by selecting "View -> Show Output Log" to show the output from the underlying Mercurial commands; they always should announce a successful completion.
+
If you have tried to use the "Clone Repository" command to create the Mercurial repository and found that it came back with an error like "SSL: Server certificate verify failed" then try the steps below.
 +
# Open TortoiseHg Workbench
 +
# Click on New Repository in the File Menu
 +
# Browse to the folder that you want to save the source to. This folder must be empty.
 +
# Now the buttons on the toolbar close to the top of the window should be lit up.
 +
# Select the green recycle-like icon that will bring up the synchronize settings in the lower part of the screen under '''Remote Repository'''
 +
# In the drop down box select: '''https'''
 +
# In the first box put '''foundry.openuru.org/hg'''
 +
# In the last box on that line put the project name (e.g CWE) see the [http://www.openuru.org/pages/Development.php Development] page under Foundry Repositories
 +
# Now click on the '''Padlock Button''' next to the drop down box
 +
# Choose the second option '''Verify with stored host fingerprint (good)''' under Secure HTTPS Connection and Click '''Query'''. The fingerprint is (as of this writing): <code>32:1b:b2:1c:9a:fe:d9:17:b0:78:76:ea:87:68:ad:1a:34:ab:a8:8e</code>
 +
# Put your Username (all lowercase) and Password for your JIRA Account in the appropriate boxes and click '''Save'''
 +
# On the right hand side of the screen is a '''Save''' button click it and the Save on the window that pops up
 +
# On the same toolbar used in step 5. Click on the button with the two yellow cylinders and the green arrow pointing towards you. This is the '''Pull incoming changes''' button.
 +
# After the download is complete you must update the local repository before being able to use it. Open the Output Log either by using Ctrl + L or in the View menu as '''Show Output Log'''
 +
# After the % sign on the last line of the Output Log type: <code>hg update</code>
 +
# You should get a command completed successfully line.
 +
# You are now ready to work on/view the code.
  
 +
=== TortoiseSVN (Subversion) ===
 +
There is no requirement to install the certificate for TortoiseSVN.
  
Host Fingerprint:
+
=== MacHg (Mercurial) ===
32:1b:b2:1c:9a:fe:d9:17:b0:78:76:ea:87:68:ad:1a:34:ab:a8:8e
+
# Append the certificate to the end of your ~/Library/Application Support/MacHg/TrustedCertificates.pem file.
 
 
=== TortoiseSVN (Subversion) ===
 

Latest revision as of 14:47, 7 July 2019

Template:Outdated


Notice: This document is outdated. The Foundry now uses a LetsEncrypt certificate

The OpenUru.org Foundry tools such as JIRA bugtracking use SSL (Secure Sockets Layer) to encrypt transactions and to give confidence that you are connected to the correct server. Currently, this is a "self-signed" certificate and not one that has been validated by the main certificate authorities, so most browsers will display a warning when you navigate to one of the Foundry pages.

You can avoid these warnings by installing the certificate in your browser's certificate store. This can be done when you first visit the foundry, but the methods vary greatly across browsers. It is perhaps easier to manually install the certificate before visting the Foundry. The certificate will also need to be installed in repository tools (Mercurial or Subversion) if you intend using SSL to access the Foundry repositories.

The instructions given here relate to the Windows versions of the applications.

Obtaining the Certificate

(For manual installation into applications not listed below)

Download a copy of the certificate using this link: Foundry Certificate

Browser Installation

Please read the instructions so you know what to do before clicking on the link to the certificate, or right click the link and open it in a new tab or window.

Firefox

Click on the following link: Foundry Certificate A popup will appear titled "Downloading Certificate". Mark the check box for "Trust this CA to identify web sites" then click "OK" (you may wish to click "View" to check the certificate details first). The certificate is now installed, and when visiting the Foundry you should see the padlock symbol at the bottom right of your browser: hovering the mouse pointer over this should show "Authenticated by OpenUru.org"

Note: Firefox 3.6.0 contains a bug which may cause loss of data when using JIRA - users should upgrade their Firefox installation to 3.6.2 or later.

Internet Explorer

Click on the following link: Foundry Certificate A popup will appear titled "File Download - Security Warning". Click "Open" and the certificate details will be displayed in a new popup wher you can inspect them. On the "General" tab, click "Install Certificate...". When the Certificate Import Wizard appears click "Next>", then on the Certificate Store page select "Automatically select the certificate store based on the type of certificate" and click "Next>" and then "Finish". Another popup will appear titled "Security Warning" and asking "Do you want to install this certificate?" - Click "Yes". You should get a message telling you that the import was successful. Click "OK" on any remaining dialog boxes. The certificate is now installed, and when visiting the Foundry you should see the padlock symbol to the right of the URL bar with a blue background.

Note: If you install the certificate using Internet Explorer as described above, then you should find that the certificate will automatically be trusted by Safari and Chrome browsers on the same machine, since both of these use the Windows Internet Settings.

Google Chrome

Chrome (under Microsoft Windows) uses the same certificate store as Internet Explorer, so the process is very similar: Click on the following link: Foundry Certificate The "Downloads" popup will appear along with another window asking if you want to open or save the file "foundry.crt". Click "Open" and a new popup will appear titled "File Download - Security Warning". Click "Open" and the certificate details will be displayed in a new popup wher you can inspect them. On the "General" tab, click "Install Certificate...". When the Certificate Import Wizard appears click "Next>", then on the Certificate Store page select "Automatically select the certificate store based on the type of certificate" and click "Next>" and then "Finish". Another popup will appear titled "Security Warning" and asking "Do you want to install this certificate?" - Click "Yes". You should get a message telling you that the import was successful. Click "OK" on any remaining dialog boxes. The certificate is now installed, and when visiting the Foundry the padlock symbol on the left of the URL bar should turn green. However, you may need to restart your browser before the certificate is recognized.

Apple Safari

On Microsoft Windows, Safari uses the same certificate store as Internet Explorer, so the process is very similar: Click on the following link: Foundry Certificate The "Downloads" popup will appear along with another window asking if you want to open or save the file "foundry.crt". Click "Open" and a new popup will appear titled "File Download - Security Warning". Click "Open" and the certificate details will be displayed in a new popup wher you can inspect them. On the "General" tab, click "Install Certificate...". When the Certificate Import Wizard appears click "Next>", then on the Certificate Store page select "Automatically select the certificate store based on the type of certificate" and click "Next>" and then "Finish". Another popup will appear titled "Security Warning" and asking "Do you want to install this certificate?" - Click "Yes". You should get a message telling you that the import was successful. Click "OK" on any remaining dialog boxes. The certificate is now installed, and when visiting the Foundry you should see the padlock symbol to the right of the URL bar.

Opera

Using the Opera browser to access an SSL page on the Foundry will cause the browser to raise a "Security Issue" popup box. The text in this box says The server's certificate chain is incomplete, and the signer(s) are not registered. Accept? You can examine the description of the certificate with the "Security" tab on this popup. If you are satisfied with the information and wish to use the certificate, click the Approve button, and the certificate will be stored in Opera's trusted certificate list, and you will be able to browse secured pages from the Foundry.

If you wish to manually install the certificate in Opera, click on the certificate link: Foundry Certificate. A "Install Certificate" popup window will appear, showing the certificate from foundry.openuru.org You can click the "View" button to display information about the certificate. You can then click the "Install" button to install the certificate or "Cancel" to ignore the certificate and not change Opera's certificate list.

Repository Installation

TortoiseHg 2.0.x (Mercurial)

If you have tried to use the "Clone Repository" command to create the Mercurial repository and found that it came back with an error like "SSL: Server certificate verify failed" then try the steps below.

  1. Open TortoiseHg Workbench
  2. Click on New Repository in the File Menu
  3. Browse to the folder that you want to save the source to. This folder must be empty.
  4. Now the buttons on the toolbar close to the top of the window should be lit up.
  5. Select the green recycle-like icon that will bring up the synchronize settings in the lower part of the screen under Remote Repository
  6. In the drop down box select: https
  7. In the first box put foundry.openuru.org/hg
  8. In the last box on that line put the project name (e.g CWE) see the Development page under Foundry Repositories
  9. Now click on the Padlock Button next to the drop down box
  10. Choose the second option Verify with stored host fingerprint (good) under Secure HTTPS Connection and Click Query. The fingerprint is (as of this writing): 32:1b:b2:1c:9a:fe:d9:17:b0:78:76:ea:87:68:ad:1a:34:ab:a8:8e
  11. Put your Username (all lowercase) and Password for your JIRA Account in the appropriate boxes and click Save
  12. On the right hand side of the screen is a Save button click it and the Save on the window that pops up
  13. On the same toolbar used in step 5. Click on the button with the two yellow cylinders and the green arrow pointing towards you. This is the Pull incoming changes button.
  14. After the download is complete you must update the local repository before being able to use it. Open the Output Log either by using Ctrl + L or in the View menu as Show Output Log
  15. After the % sign on the last line of the Output Log type: hg update
  16. You should get a command completed successfully line.
  17. You are now ready to work on/view the code.

TortoiseSVN (Subversion)

There is no requirement to install the certificate for TortoiseSVN.

MacHg (Mercurial)

  1. Append the certificate to the end of your ~/Library/Application Support/MacHg/TrustedCertificates.pem file.