Yeah LetsEncrypt has made SSL far more accessible now .
[OffTopic] : SSL (everywhere) is really needed , in one instance a
popular ISP in India
was intercepting each plain http request its client was
making and pilfering it to a
third party . This was clearly visible even with client
side "Web developer Tools" in
firefox . This had its own impact on the application
responsiveness.
A switch to SSL (using letsencrypt certs) provided an
immediate relief at least to my
client. but i feel that pilferage is still continuing for
majority of users visting NON-SSL sites.
regds
mallah.
On Wed, Aug 23, 2017 at 3:26 PM, Jacques Le Roux <
[hidden email]> wrote:
> Le 23/08/2017 à 11:45, Rajesh Mallah a écrit :
>
>> Seehttps://issues.apache.org/jira/browse/OFBIZ-6849 for why we decided
>> to
>>
>>> use only HTTPS
>>>
>>> Does the above mean serving content over plain http would eventually be
>> deprecated ?
>> if that is so it may add a little overhead of managing ssl certificates at
>> multiple places.
>> Eg in my case i have a wildcard SSL certificate for all my
>> *.company.domains and
>>
https://ofbiz.mycompant.tld just ProxyPass passes to
>>
http://internal-ofbiz-instance:8080/>> this*minimizes* the requirement of more IPs or opening of non-default
>> ports
>>
>> regds
>> mallah.
>>
> Actually with letsencrypt it's now easy and free to have a certificate.
> This is what we are using for demos (but old demo (R13.07) which is too
> late to update for that and will soon not be longer supported)
> Developers works with localhost and OFBiz has a self signed certificate
> embedded (IIRW I make during 10 years in 2014)
> I'll not comment your solution for integration servers, I guess each
> company has its own :)
>
> Jacques
>
>
Locked
