Fysh SSL Certificates: Difference between revisions

From FyshyWyky
(→‎Fysh.Org Certificates' Details: Very belatedly updated for new certs.)
(→‎Introduction: Might as well list www.miggy.org as well)
 
(10 intermediate revisions by the same user not shown)
Line 1: Line 1:
= Introduction =
= Introduction =
In the past Fysh.Org used several self-signed SSL certificates to facilitate the use of SSL encryption on various services.  Because these were self-signed they caused web browsers to issue a warning.  From 18th December 2012 a properly signed certificate has been in use on all Fysh.Org services.


= Fysh.Org Certificates' Details =
'''NB: All fysh.org certificates are now being auto-renewed using LetsEncrypt. As such this page will not be maintained with the new details on each renewal'''.
Fysh.Org uses the following certificates, one each for the three services; www.fysh.org, squirrelmail.fysh.org and mail.fysh.org.


== www.fysh.org ==
To check what the details of the current certificates please visit:
Note that your browser may not have the necessary CA certificate installed, see [http://www.startssl.com/?app=25#31 Why does Firefox present a warning when connecting to my website?], although we do present the certificate with the requisite extra 'chain' certificates.  Remember if you install that certificate you're expressly trusting StartSSL to only issue valid certificates.


Text-form, as output from openssl command (see the image below for how it is likely shown in your browser).
{| class="wikitable" border="1"
<pre>Subject: OU=GT83826032, OU=See www.rapidssl.com/resources/cps (c)14, OU=Domain Control Validated - RapidSSL(R), CN=www.fysh.org
|-
! Site Hostname
! Aliases
! SSL Cert details
! Notes
|-
| www.fysh.org
| fysh.org
| [[https://www.fysh.org/ssl/www.fysh.org.txt www.fysh.org SSL Cert Details]]
|
|-
| squirrelmail.fysh.org
| sm.fysh.org, mail.fysh.org
| [[https://www.fysh.org/ssl/squirrelmail.fysh.org.txt squirrelmail.fysh.org SSL Cert Details]]
| Includes an alias to mail.fysh.org, which means there are two certs covering this (see below).  This certificate is only used by the web server, not any email service.  [mailto:root@fysh.org Let us know] if you encounter any problems due to this.
|-
| mail.fysh.org
|
| [[https://www.fysh.org/ssl/mail.fysh.org.txt mail.fysh.org SSL Cert Details]]
| Matches an alias on squirrelmail.fysh.org, which means there are two certs covering this (see above).  This certificate is only used by the email services (SMTP, IMAP, POP3), not any part of the web service. [mailto:root@fysh.org Let us know] if you encounter any problems due to this.
|-
| www.miggy.org
| miggy.org
| [[https://www.fysh.org/ssl/www.miggy.org.txt www.miggy.org SSL Cert Details]]
|
|}


Issuer: C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G3
'''NB: The code that extracts the "X509v3 Subject Alternative Name" section is a little fragile, so might not always show correct data.'''
 
Validity
            Not Before: Dec  1 12:23:48 2014 GMT
            Not After : Dec  5 06:13:41 2015 GMT
 
SHA256 Fingerprint=B5:90:CF:96:AD:CD:97:F1:6A:B3:E7:AE:37:AA:51:CB:F2:27:6E:91:7D:E8:62:50:F3:5B:52:AB:26:FD:37:3F
 
SHA1 Fingerprint=D3:5E:E4:18:27:4E:BD:B1:90:54:93:49:5F:E4:6A:E9:A7:10:93:B6
 
MD5 Fingerprint=B2:35:35:A2:D8:B2:68:EE:DC:FB:E3:6C:52:AE:2E:6C
</pre>
 
What [https://www.google.com/intl/en/chrome/browser/ Google Chrome] thinks it is:
 
[[Image:www.fysh.org-cert-20141201.png|alt=SSL Certificate Details for www.fysh.org|SSL Certificate Details for www.fysh.org]]
 
== squirrelmail.fysh.org ==
Note that your browser may not have the necessary CA certificate installed, see [http://www.startssl.com/?app=25#31 Why does Firefox present a warning when connecting to my website?], although we do present the certificate with the requisite extra 'chain' certificates.  Remember if you install that certificate you're expressly trusting StartSSL to only issue valid certificates.
 
Text-form, as output from openssl command (see the image below for how it is likely shown in your browser).
<pre>Subject: OU=GT46404713, OU=See www.rapidssl.com/resources/cps (c)14, OU=Domain Control Validated - RapidSSL(R), CN=squirrelmail.fysh.org
 
Issuer: C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G3
 
Validity
            Not Before: Dec  2 10:52:59 2014 GMT
            Not After : Dec  4 17:37:38 2015 GMT
 
SHA256 Fingerprint=47:C0:69:EB:05:93:76:24:1F:5E:B3:61:EB:DE:FA:F0:8B:D9:F9:44:68:09:F1:F4:6E:5C:C9:52:DA:12:F1:1B
 
SHA1 Fingerprint=82:25:FB:94:F2:7C:A7:F3:9F:DE:9B:90:8D:74:D4:91:B8:EF:51:0F
 
MD5 Fingerprint=F2:8F:8F:86:C6:34:D1:AC:43:1C:4B:00:BF:D6:06:5E</pre>
 
What [https://www.google.com/intl/en/chrome/browser/ Google Chrome] thinks it is:
 
[[Image:squirrelmail.fysh.org-cert-20141202.png|alt=SSL Certificate Details for squirrelmail.fysh.org|SSL Certificate Details for squirrelmail.fysh.org]]
 
== mail.fysh.org ==
Again we do present the certificate with the requisite extra 'chain' certificates.  Hopefully any email clients will make use of that and not alert you to any issues with the certificate.
 
Text-form, as output from openssl command.
<pre>Subject: OU=GT49397167, OU=See www.rapidssl.com/resources/cps (c)14, OU=Domain Control Validated - RapidSSL(R), CN=mail.fysh.org
 
Issuer: C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G3
 
Validity
            Not Before: Dec  2 11:00:21 2014 GMT
            Not After : Dec  5 08:58:53 2015 GMT
 
SHA256 Fingerprint=46:0B:E1:EA:75:F5:5C:B3:4D:8A:1B:80:2A:FA:65:97:43:C0:63:5B:7C:85:24:26:A5:DE:73:A5:14:F4:E5:2E
 
SHA1 Fingerprint=C0:70:76:AE:B2:76:84:15:CB:20:D5:41:1C:18:68:B1:BA:1F:F3:D9
 
MD5 Fingerprint=4A:9D:92:C0:05:C6:0A:67:CC:C0:65:62:BC:D0:C0:4E</pre>
 
No image of this one as it won't appear in a browser anyway.
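
Review bot: the external links in the new table's "SSL Cert details" column are written with doubled brackets, for example [[https://www.fysh.org/ssl/www.fysh.org.txt www.fysh.org SSL Cert Details]]. MediaWiki external links take single brackets, and the rendered revision shows the stray literal brackets around each link text, so all four rows should use the [https://... link text] form. The new introductory sentence "To check what the details of the current certificates please visit:" also has a leftover "what" and should read "To check the details of the current certificates, please visit:". Finally, the linked .txt files are served from https://www.fysh.org/ssl/, that is, over the www.fysh.org certificate itself, so the page could say that they are a convenience listing and not an independent reference for that certificate.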

Latest revision as of 21:41, 9 February 2016

= Introduction =

NB: All fysh.org certificates are now being auto-renewed using LetsEncrypt. As such this page will not be maintained with the new details on each renewal.

To check the details of the current certificates, please visit:

{| class="wikitable" border="1"
|-
! Site Hostname
! Aliases
! SSL Cert details
! Notes
|-
| www.fysh.org
| fysh.org
| [https://www.fysh.org/ssl/www.fysh.org.txt www.fysh.org SSL Cert Details]
|
|-
| squirrelmail.fysh.org
| sm.fysh.org, mail.fysh.org
| [https://www.fysh.org/ssl/squirrelmail.fysh.org.txt squirrelmail.fysh.org SSL Cert Details]
| Includes an alias to mail.fysh.org, which means there are two certs covering this (see below). This certificate is only used by the web server, not any email service. [mailto:root@fysh.org Let us know] if you encounter any problems due to this.
|-
| mail.fysh.org
|
| [https://www.fysh.org/ssl/mail.fysh.org.txt mail.fysh.org SSL Cert Details]
| Matches an alias on squirrelmail.fysh.org, which means there are two certs covering this (see above). This certificate is only used by the email services (SMTP, IMAP, POP3), not any part of the web service. [mailto:root@fysh.org Let us know] if you encounter any problems due to this.
|-
| www.miggy.org
| miggy.org
| [https://www.fysh.org/ssl/www.miggy.org.txt www.miggy.org SSL Cert Details]
|
|}

NB: The code that extracts the "X509v3 Subject Alternative Name" section is a little fragile, so might not always show correct data.