Fysh SSL Certificates: Difference between revisions

From FyshyWyky
(→‎*.fysh.org: startSSL cert may need adding ....)
(→‎Fysh.Org Certificates' Details: Very belatedly updated for new certs.)
Line 3: Line 3:


= Fysh.Org Certificates' Details =
= Fysh.Org Certificates' Details =
== *.fysh.org ==
Fysh.Org uses the following certificates, one each for the three services; www.fysh.org, squirrelmail.fysh.org and mail.fysh.org.
Fysh.Org uses the following certificate. This will also be used by '''any''' web site we server if accessed via HTTPS rather than HTTP.  The same certificate is also used for [[Mail]] services on mail.fysh.org, [[News]] on nntp.fysh.org etc.


Note that your browser may not have the necessary CA certificate installed, see [http://www.startssl.com/?app=25#31 Why does Firefox present a warning when connecting to my website?].  Remember if you install that certificate you're expressly trusting StartSSL to only issue valid certificates.
== www.fysh.org ==
Note that your browser may not have the necessary CA certificate installed, see [http://www.startssl.com/?app=25#31 Why does Firefox present a warning when connecting to my website?], although we do present the certificate with the requisite extra 'chain' certificates.  Remember if you install that certificate you're expressly trusting StartSSL to only issue valid certificates.


Text-form, note this was hand-typed from the image below (so it may contain mistakes).
Text-form, as output from openssl command (see the image below for how it is likely shown in your browser).
<pre>Issued To
<pre>Subject: OU=GT83826032, OU=See www.rapidssl.com/resources/cps (c)14, OU=Domain Control Validated - RapidSSL(R), CN=www.fysh.org
Common Name: *.fysh.org
Organisation: Michael Ashton


Issued By
Issuer: C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G3
Common Name: StartCom Class 2 Primary Intermediate Server CA
Organisation: StartCom Ltd.
Organisational Unit (OU): Secure Digital Certificate Signing


Validity
Validity
Issued On: 12/12/2012
            Not Before: Dec  1 12:23:48 2014 GMT
Expires On: 14/12/2014
            Not After : Dec  5 06:13:41 2015 GMT


Fingerprints
SHA256 Fingerprint=B5:90:CF:96:AD:CD:97:F1:6A:B3:E7:AE:37:AA:51:CB:F2:27:6E:91:7D:E8:62:50:F3:5B:52:AB:26:FD:37:3F
SHA-256 Fingerprint: 16 4A CB C1 5C 32 88 9F EF D7 C3 5F B0 79 79 4C C1 68 D6 AF 4B 10 63 2A 5A 7C 89 05 45 8B C3 58
 
SHA1 Fingerprint: 96 D3 A1 F1 D3 5B 5A 08 86 83 4D 1E 36 3C 87 7C 21 0D 6F 17
SHA1 Fingerprint=D3:5E:E4:18:27:4E:BD:B1:90:54:93:49:5F:E4:6A:E9:A7:10:93:B6
 
MD5 Fingerprint=B2:35:35:A2:D8:B2:68:EE:DC:FB:E3:6C:52:AE:2E:6C
</pre>
</pre>


What [https://www.google.com/intl/en/chrome/browser/ Google Chrome] thinks it is:
What [https://www.google.com/intl/en/chrome/browser/ Google Chrome] thinks it is:


[[Image:Wildcard.fysh.org-ssl-certificate.png|alt=SSL Certificate Details for *.fysh.org|SSL Certificate Details for *.fysh.org]]
[[Image:www.fysh.org-cert-20141201.png|alt=SSL Certificate Details for www.fysh.org|SSL Certificate Details for www.fysh.org]]
 
== squirrelmail.fysh.org ==
Note that your browser may not have the necessary CA certificate installed, see [http://www.startssl.com/?app=25#31 Why does Firefox present a warning when connecting to my website?], although we do present the certificate with the requisite extra 'chain' certificates.  Remember if you install that certificate you're expressly trusting StartSSL to only issue valid certificates.
 
Text-form, as output from openssl command (see the image below for how it is likely shown in your browser).
<pre>Subject: OU=GT46404713, OU=See www.rapidssl.com/resources/cps (c)14, OU=Domain Control Validated - RapidSSL(R), CN=squirrelmail.fysh.org
 
Issuer: C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G3
 
Validity
            Not Before: Dec  2 10:52:59 2014 GMT
            Not After : Dec  4 17:37:38 2015 GMT
 
SHA256 Fingerprint=47:C0:69:EB:05:93:76:24:1F:5E:B3:61:EB:DE:FA:F0:8B:D9:F9:44:68:09:F1:F4:6E:5C:C9:52:DA:12:F1:1B
 
SHA1 Fingerprint=82:25:FB:94:F2:7C:A7:F3:9F:DE:9B:90:8D:74:D4:91:B8:EF:51:0F
 
MD5 Fingerprint=F2:8F:8F:86:C6:34:D1:AC:43:1C:4B:00:BF:D6:06:5E</pre>
 
What [https://www.google.com/intl/en/chrome/browser/ Google Chrome] thinks it is:
 
[[Image:squirrelmail.fysh.org-cert-20141202.png|alt=SSL Certificate Details for squirrelmail.fysh.org|SSL Certificate Details for squirrelmail.fysh.org]]
 
== mail.fysh.org ==
Again we do present the certificate with the requisite extra 'chain' certificates.  Hopefully any email clients will make use of that and not alert you to any issues with the certificate.
 
Text-form, as output from openssl command.
<pre>Subject: OU=GT49397167, OU=See www.rapidssl.com/resources/cps (c)14, OU=Domain Control Validated - RapidSSL(R), CN=mail.fysh.org
 
Issuer: C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G3
 
Validity
            Not Before: Dec  2 11:00:21 2014 GMT
            Not After : Dec  5 08:58:53 2015 GMT
 
SHA256 Fingerprint=46:0B:E1:EA:75:F5:5C:B3:4D:8A:1B:80:2A:FA:65:97:43:C0:63:5B:7C:85:24:26:A5:DE:73:A5:14:F4:E5:2E
 
SHA1 Fingerprint=C0:70:76:AE:B2:76:84:15:CB:20:D5:41:1C:18:68:B1:BA:1F:F3:D9
 
MD5 Fingerprint=4A:9D:92:C0:05:C6:0A:67:CC:C0:65:62:BC:D0:C0:4E</pre>
 
No image of this one as it won't appear in a browser anyway.
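
Review bot: the notes kept for www.fysh.org and squirrelmail.fysh.org still link to the StartSSL FAQ and tell readers that installing the CA certificate means trusting StartSSL, while the Issuer lines added in this revision read "C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G3". Suggest rewording those two notes to name the CA that issued the new certificates, or dropping them if they no longer apply, so that readers are not pointed at a CA that is not in the chain shown here.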

Revision as of 11:21, 29 October 2015

Introduction

In the past Fysh.Org used several self-signed SSL certificates to facilitate the use of SSL encryption on various services. Because these were self-signed they caused web browsers to issue a warning. From 18th December 2012 a properly signed certificate has been in use on all Fysh.Org services.

Fysh.Org Certificates' Details

Fysh.Org uses the following certificates, one each for the three services: www.fysh.org, squirrelmail.fysh.org and mail.fysh.org.

www.fysh.org

Note that your browser may not have the necessary CA certificate installed, see Why does Firefox present a warning when connecting to my website?, although we do present the certificate with the requisite extra 'chain' certificates. Remember if you install that certificate you're expressly trusting StartSSL to only issue valid certificates.

Text-form, as output from openssl command (see the image below for how it is likely shown in your browser).

Subject: OU=GT83826032, OU=See www.rapidssl.com/resources/cps (c)14, OU=Domain Control Validated - RapidSSL(R), CN=www.fysh.org

Issuer: C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G3

Validity
            Not Before: Dec  1 12:23:48 2014 GMT
            Not After : Dec  5 06:13:41 2015 GMT

SHA256 Fingerprint=B5:90:CF:96:AD:CD:97:F1:6A:B3:E7:AE:37:AA:51:CB:F2:27:6E:91:7D:E8:62:50:F3:5B:52:AB:26:FD:37:3F

SHA1 Fingerprint=D3:5E:E4:18:27:4E:BD:B1:90:54:93:49:5F:E4:6A:E9:A7:10:93:B6

MD5 Fingerprint=B2:35:35:A2:D8:B2:68:EE:DC:FB:E3:6C:52:AE:2E:6C

What Google Chrome thinks it is:

SSL Certificate Details for www.fysh.org

squirrelmail.fysh.org

Note that your browser may not have the necessary CA certificate installed, see Why does Firefox present a warning when connecting to my website?, although we do present the certificate with the requisite extra 'chain' certificates. Remember if you install that certificate you're expressly trusting StartSSL to only issue valid certificates.

Text-form, as output from openssl command (see the image below for how it is likely shown in your browser).

Subject: OU=GT46404713, OU=See www.rapidssl.com/resources/cps (c)14, OU=Domain Control Validated - RapidSSL(R), CN=squirrelmail.fysh.org

Issuer: C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G3

Validity
            Not Before: Dec  2 10:52:59 2014 GMT
            Not After : Dec  4 17:37:38 2015 GMT

SHA256 Fingerprint=47:C0:69:EB:05:93:76:24:1F:5E:B3:61:EB:DE:FA:F0:8B:D9:F9:44:68:09:F1:F4:6E:5C:C9:52:DA:12:F1:1B

SHA1 Fingerprint=82:25:FB:94:F2:7C:A7:F3:9F:DE:9B:90:8D:74:D4:91:B8:EF:51:0F

MD5 Fingerprint=F2:8F:8F:86:C6:34:D1:AC:43:1C:4B:00:BF:D6:06:5E

What Google Chrome thinks it is:

SSL Certificate Details for squirrelmail.fysh.org

mail.fysh.org

Again we do present the certificate with the requisite extra 'chain' certificates. Hopefully any email clients will make use of that and not alert you to any issues with the certificate.

Text-form, as output from openssl command.

Subject: OU=GT49397167, OU=See www.rapidssl.com/resources/cps (c)14, OU=Domain Control Validated - RapidSSL(R), CN=mail.fysh.org

Issuer: C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G3

Validity
            Not Before: Dec  2 11:00:21 2014 GMT
            Not After : Dec  5 08:58:53 2015 GMT

SHA256 Fingerprint=46:0B:E1:EA:75:F5:5C:B3:4D:8A:1B:80:2A:FA:65:97:43:C0:63:5B:7C:85:24:26:A5:DE:73:A5:14:F4:E5:2E

SHA1 Fingerprint=C0:70:76:AE:B2:76:84:15:CB:20:D5:41:1C:18:68:B1:BA:1F:F3:D9

MD5 Fingerprint=4A:9D:92:C0:05:C6:0A:67:CC:C0:65:62:BC:D0:C0:4E

No image of this one as it won't appear in a browser anyway.
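
One way to check a presented certificate against the fingerprints published above, as an added example that is not part of the original page. The function names are hypothetical, and the parser accepts both the openssl form (`SHA256 Fingerprint=B5:90:...`) and the browser form (`SHA-256 Fingerprint: 16 4A ...`) that appear on this page.

```python
import hashlib
import hmac
import re
import ssl

# SHA-256 value copied from the www.fysh.org section of this page.
PUBLISHED_WWW = ("SHA256 Fingerprint=B5:90:CF:96:AD:CD:97:F1:6A:B3:E7:AE:37:AA:51:CB:"
                 "F2:27:6E:91:7D:E8:62:50:F3:5B:52:AB:26:FD:37:3F")

_DIGEST_SIZES = {"sha256": 32, "sha1": 20, "md5": 16}
_LINE = re.compile(r"(SHA-?256|SHA-?1|MD5)\s+Fingerprint\s*[=:]\s*([0-9A-Fa-f: ]+)")


def parse_published(line):
    """Return (algorithm, digest bytes) from an openssl- or browser-style line."""
    m = _LINE.fullmatch(line.strip())
    if m is None:
        raise ValueError("not a fingerprint line: %r" % line)
    algo = m.group(1).replace("-", "").lower()
    digest = bytes.fromhex(re.sub(r"[: ]", "", m.group(2)))
    if len(digest) != _DIGEST_SIZES[algo]:
        raise ValueError("wrong length for %s: %d bytes" % (algo, len(digest)))
    return algo, digest


def format_openssl(der_cert):
    """Render the SHA-256 fingerprint of a DER certificate the way openssl prints it."""
    digest = hashlib.sha256(der_cert).digest()
    return "SHA256 Fingerprint=" + ":".join("%02X" % b for b in digest)


def fingerprint_matches(der_cert, published_line):
    """True if the SHA-256 of the DER-encoded certificate equals the published value."""
    algo, expected = parse_published(published_line)
    if algo != "sha256":
        # MD5 and SHA-1 are collision-prone; a match on them proves little.
        raise ValueError("compare against the SHA-256 fingerprint, not " + algo)
    return hmac.compare_digest(hashlib.sha256(der_cert).digest(), expected)


def fetch_der(host, port=443):
    """Fetch the server's leaf certificate without CA validation (needs network)."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


if __name__ == "__main__":
    der = fetch_der("www.fysh.org")
    print(format_openssl(der))
    print("matches published value:", fingerprint_matches(der, PUBLISHED_WWW))
```

The certificates listed on this page expired in December 2015, so a live fetch is expected to report a mismatch unless the published fingerprints have been updated.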