Fysh SSL Certificates: Difference between revisions

From FyshyWyky
Jump to navigationJump to search
(→‎mail.fysh.org: Add hand-typed text form of cert, in case of vision-impaired users)
(→‎Introduction: Might as well list www.miggy.org as well)
 
(19 intermediate revisions by the same user not shown)
Line 1: Line 1:
= Introduction =
= Introduction =
Fysh.Org uses several self-signed SSL certificates to facilitate the use of SSL encryption on various services.  Because these are self-signed they will cause your web browser to issue a warning.  When it does this you should follow the prompts to retrieve the certificate then view it and ensure the details match as per the appropriate image below.


= Fysh.Org Certificates' Details =
'''NB: All fysh.org certificates are now being auto-renewed using LetsEncrypt. As such this page will not be maintained with the new details on each renewal'''.
== www.fysh.org ==
www.fysh.org uses the following certificate. This will also be used by '''any''' web site we server if accessed via HTTPS rather than HTTP:


Text-form, note this was hand-typed from the image below.
To check what the details of the current certificates please visit:
<pre>Issued To
Common Name: www.fysh.org
Organisation: The Fysh


Issued By
{| class="wikitable" border="1"
Common Name: www.fysh.org
|-
Organisation: The Fysh
! Site Hostname
! Aliases
! SSL Cert details
! Notes
|-
| www.fysh.org
| fysh.org
| [[https://www.fysh.org/ssl/www.fysh.org.txt www.fysh.org SSL Cert Details]]
|
|-
| squirrelmail.fysh.org
| sm.fysh.org, mail.fysh.org
| [[https://www.fysh.org/ssl/squirrelmail.fysh.org.txt squirrelmail.fysh.org SSL Cert Details]]
| Includes an alias to mail.fysh.org, which means there are two certs covering this (see below).  This certificate is only used by the web server, not any email service.  [mailto:root@fysh.org Let us know] if you encounter any problems due to this.
|-
| mail.fysh.org
|
| [[https://www.fysh.org/ssl/mail.fysh.org.txt mail.fysh.org SSL Cert Details]]
| Matches an alias on squirrelmail.fysh.org, which means there are two certs covering this (see above).  This certificate is only used by the email services (SMTP, IMAP, POP3), not any part of the web service. [mailto:root@fysh.org Let us know] if you encounter any problems due to this.
|-
| www.miggy.org
| miggy.org
| [[https://www.fysh.org/ssl/www.miggy.org.txt www.miggy.org SSL Cert Details]]
|
|}


Validity
'''NB: The code that extracts the "X509v3 Subject Alternative Name" section is a little fragile, so might not always show correct data.'''
Issued On: 11/12/01
Expires On: 09/12/11
 
Fingerprints
SHA1 Fingerprint: 4D:E9:4E:9E:C2:35:9C:CF:5F:C5:21:B7:F7:07:C1:63:EC:FE:EA:F9
MD5 Fingerprint: 4D:5F:A0:51:09:3D:60:15:68:E2:A0:74:2D:EF:79:8D
</pre>
 
What Firefox thinks it is:
 
[[Image:Www.fysh.org-ssl-certificate.png|alt=SSL Certificate Details for www.fysh.org|SSL Certificate Details for www.fysh.org]]
 
== mail.fysh.org ==
mail.fysh.org uses the following certificate, not only for any encrypted SMTP connections when sending or receiving email, but also for the IMAP and POP3 services:
 
Text-form, note this was hand-typed from the image below (so it may contain mistakes).
<pre>Issued To
Common Name: mail.fysh.org
Organisation: The Fyshbowl
Organisational Unit: email
 
Issued By
Common Name: mail.fysh.org
Organisation: The Fyshbowl
Organisational Unit: email
 
Validity
Issued On: 09/10/04
Expires On: 17/08/37
 
Fingerprints
SHA1 Fingerprint: 8A:C9:D0:EE:15:07:35:7F:11:71:34:BC:55:97:A5:26:87:08:31:C8
MD5 Fingerprint: 2B:C9:E1:65:82:FB:63:1F:12:B7:C6:18:E3:E5:83:A2
</pre>
 
What Firefox thinks it is:
 
[[Image:Mail.fysh.org-ssl-certificate.png|alt=SSL Certificate Details for mail.fysh.org|SSL Certificate Details for mail.fysh.org]]

Latest revision as of 21:41, 9 February 2016

Introduction

NB: All fysh.org certificates are now being auto-renewed using LetsEncrypt. As such this page will not be maintained with the new details on each renewal.

To check what the details of the current certificates please visit:

Site Hostname Aliases SSL Cert details Notes
www.fysh.org fysh.org [www.fysh.org SSL Cert Details]
squirrelmail.fysh.org sm.fysh.org, mail.fysh.org [squirrelmail.fysh.org SSL Cert Details] Includes an alias to mail.fysh.org, which means there are two certs covering this (see below). This certificate is only used by the web server, not any email service. Let us know if you encounter any problems due to this.
mail.fysh.org [mail.fysh.org SSL Cert Details] Matches an alias on squirrelmail.fysh.org, which means there are two certs covering this (see above). This certificate is only used by the email services (SMTP, IMAP, POP3), not any part of the web service. Let us know if you encounter any problems due to this.
www.miggy.org miggy.org [www.miggy.org SSL Cert Details]

NB: The code that extracts the "X509v3 Subject Alternative Name" section is a little fragile, so might not always show correct data.