Earlier today we installed a wildcard certificate on cias.rit.edu.

What does this mean?

A: Before today, if you went to https://bjcpgd.cias.rit.edu (over SSL) you would be using the certifcate for cias.rit.edu, and in the eyes of your browser bjcpgd.cias.rit.edu and cias.rit.edu are two totally seperate domains. The installation of this wildcard certifcate now means that the certificate will cover and be valid for all sub-domains of cias.rit.edu. This means you can now easily use SSL to protect your web applications on cias.rit.edu.

Do I have to change anything to use this certificate?

A: Not at all! The certificate is active and valid for all accounts under cias.rit.edu. You may need to tweak your application to make sure its point to https:// in the areas that you want protected, but that is a very application specific issue.

What else has the cias tech team been doing to help secure our applications and data on cias.rit.edu?

A: In the past we have allowed all users to be able to browse other users directories. We’ve been slightly uncomfortable with this scenario for a while. Yesterday we made a change to everyone’s home directory that will keep prying eyes out, yet still allow your web applications to ‘roam free’. We specificly did the follow on each users home directory:

    chgrp www-data /home/<username>
chmod 750 /home/<username>

What exactly did that just do? First off we made the group owner for you home directory the web server’s user. So you are the owner of your directory, and www-data is the group. The chmod of 750 means, The owner can read,write and execute. The group can read and write, everyone else has NO ACCESS.


Leave a Reply