IT Development/Proposals/SSL

From Wikimedia UK
Revision as of 15:55, 28 March 2013 by ErrantX (talk | contribs) (draft)


Currently Wikimedia UK has one SSL certificate, set up for the donate.wikimedia.org.uk domain. This proposal addresses the need for a wildcard SSL certificate to allow all of WMUK's web properties to use HTTPS.

Why HTTPS?

Using HTTPS everywhere is good practice; SSL encrypts your connection to the server, ensuring the security of data. This is especially important for the office/board wikis and CiviCRM, but also for WMUK's other "public" sites. In addition, access to the email server requires SSL, and this currently produces an error message because a self-signed certificate is in use.

A wildcard SSL certificate can be used for all of the *.wikimedia.org.uk domains and servers to address these issues.

What is Wildcard SSL?

WMUK's current SSL certificate is signed for donate.wikimedia.org.uk only. This means that it can only be used for HTTPS on that domain (for any other domain, the browser will throw errors/warnings). A wildcard SSL certificate is valid for any subdomain of the wikimedia.org.uk domain.
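
The difference in coverage can be checked with the name-matching rule that TLS clients apply to certificate names. The following is an added example, not part of the original proposal; apart from donate.wikimedia.org.uk the hostnames are hypothetical stand-ins for the sites mentioned above. It goes slightly beyond the text by showing that the `*` stands for exactly one label, so the bare wikimedia.org.uk domain and deeper names such as dev.office.wikimedia.org.uk are not covered unless they are listed on the certificate as well.

```python
def name_matches(cert_name: str, hostname: str) -> bool:
    """True if one certificate DNS name (exact or wildcard) covers hostname."""
    pattern = cert_name.lower().rstrip(".").split(".")
    host = hostname.lower().rstrip(".").split(".")
    # "*" stands for exactly one label, so the label counts must be equal.
    if len(pattern) != len(host) or "" in host:
        return False
    # Only a whole leftmost label may be a wildcard: reject "*" in any other
    # position and partial wildcards such as "w*".
    if any("*" in label for label in pattern[1:]):
        return False
    if "*" in pattern[0] and pattern[0] != "*":
        return False
    if pattern[1:] != host[1:]:
        return False
    return pattern[0] == "*" or pattern[0] == host[0]


def coverage(cert_names, hostnames):
    """Map each hostname to whether any name on the certificate covers it."""
    return {h: any(name_matches(n, h) for n in cert_names) for h in hostnames}


# Constructed host list: only donate.wikimedia.org.uk appears on the page,
# the other names are hypothetical stand-ins for the sites it mentions.
HOSTS = [
    "donate.wikimedia.org.uk",
    "office.wikimedia.org.uk",
    "civicrm.wikimedia.org.uk",
    "mail.wikimedia.org.uk",
    "wikimedia.org.uk",             # bare domain, no subdomain label
    "dev.office.wikimedia.org.uk",  # two labels below the domain
]

CURRENT_CERT = ["donate.wikimedia.org.uk"]
WILDCARD_CERT = ["*.wikimedia.org.uk"]
WILDCARD_PLUS_APEX = ["*.wikimedia.org.uk", "wikimedia.org.uk"]

if __name__ == "__main__":
    certs = [("current", CURRENT_CERT), ("wildcard", WILDCARD_CERT),
             ("wildcard+apex", WILDCARD_PLUS_APEX)]
    for label, names in certs:
        for host, ok in coverage(names, HOSTS).items():
            print(f"{label:14} {host:30} {'covered' if ok else 'NOT covered'}")
```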

Obviously, such a certificate comes with additional cost - but given that it can be used for any combination of subdomains, it represents good value for money over purchasing individual certificates.

When registering for an SSL certificate there are also a number of "validation" options, with scaling costs. A basic certificate does no validation and is issued signed to the domain name only, with no other identifying information. More expensive certificates offer warranties on financial transactions conducted through HTTPS, and these require sending some documents to the certifying agent. Finally, the most expensive option involves additional checks, and will validate the name of the organisation as part of the SSL certificate - in practical terms this means that the name Wikimedia UK would appear next to the SSL "lock" icon in browsers, confirming we own the certificate.

Pricing ranges from ~£100 for basic wildcard, up to ~£500 for the most premium options.

Options/Cost