GitHub TLS Certificate Update

The github.ncsu.edu service uses a TLS certificate to verify its identity to browsers, and ensures that all communication between clients and the server is encrypted and secure. As an added security measure, certificates are given an expiration date, after which they will no longer be valid. The TLS certificate for the github.ncsu.edu service is currently set to expire on July 25th, 2019.

In order to prevent any major outages from the certificate expiring, we will be replacing the current certificate with a new one on May 17th, from 3:00-4:00 PM. By performing the replacement well ahead of time, we have the ability to fall back to the existing certificate in the event something goes wrong with the replacement. The process is very simple, so we don’t expect any issues, but it never hurts to have a fallback plan!

What does this mean for users of the service?

The certificate replacement will only affect the web interface, and so git operations via SSH will continue to work as normal throughout the replacement. Git operations over HTTPS, and access to the web interface may experience a slight outage (no longer than 5 minutes) as the appliance restarts web services to load the new certificate.

The new certificate will be good for another two years, after which we will replace it again.

https://sysnews.ncsu.edu/news/5cdc6649