Fysh SSL Certificates: Difference between revisions
(→Introduction: In-progress changeover to LetsEncrypt) |
(→www.fysh.org: LetsEncrypt 20151203 details) |
||
Line 9: | Line 9: | ||
== www.fysh.org == | == www.fysh.org == | ||
Text-form, as output from openssl command. | |||
<pre> Signature Algorithm: sha256WithRSAEncryption | |||
Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X1 | |||
Validity | |||
Not Before: Dec 3 17:48:00 2015 GMT | |||
Not After : Mar 2 17:48:00 2016 GMT | |||
Subject: CN=www.fysh.org | |||
SHA256 Fingerprint=9D:E4:9F:2D:F6:BC:A9:CB:B3:CD:2F:6D:18:B7:3B:C5:65:6C:4B:03:BF:3E:BB:CF:0C:A7:B5:34:F4:F9:E6:8C | |||
SHA1 Fingerprint=C6:B5:17:0A:09:AB:9A:64:66:17:79:C2:43:C6:A6:31:6C:C0:EB:33 | |||
MD5 Fingerprint=32:4B:55:6F:F2:B2:1F:B1:79:BE:09:4D:CA:9A:35:7D | |||
</pre> | </pre> | ||
== squirrelmail.fysh.org == | == squirrelmail.fysh.org == |
Revision as of 20:22, 3 December 2015
Introduction
NB: All fysh.org certificates are being changed over to LetsEncrypt provided ones. This page has not yet been edited to reflect the different information about them such as signatures.
In the past Fysh.Org used several self-signed SSL certificates to facilitate the use of SSL encryption on various services. Because these were self-signed they caused web browsers to issue a warning. From 18th December 2012 a properly signed certificate has been in use on all Fysh.Org services.
Fysh.Org Certificates' Details
Fysh.Org uses the following certificates, one each for the three services; www.fysh.org, squirrelmail.fysh.org and mail.fysh.org.
www.fysh.org
Text-form, as output from openssl command.
Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X1 Validity Not Before: Dec 3 17:48:00 2015 GMT Not After : Mar 2 17:48:00 2016 GMT Subject: CN=www.fysh.org SHA256 Fingerprint=9D:E4:9F:2D:F6:BC:A9:CB:B3:CD:2F:6D:18:B7:3B:C5:65:6C:4B:03:BF:3E:BB:CF:0C:A7:B5:34:F4:F9:E6:8C SHA1 Fingerprint=C6:B5:17:0A:09:AB:9A:64:66:17:79:C2:43:C6:A6:31:6C:C0:EB:33 MD5 Fingerprint=32:4B:55:6F:F2:B2:1F:B1:79:BE:09:4D:CA:9A:35:7D
squirrelmail.fysh.org
Note that your browser may not have the necessary CA certificate installed, see Why does Firefox present a warning when connecting to my website?, although we do present the certificate with the requisite extra 'chain' certificates. Remember if you install that certificate you're expressly trusting StartSSL to only issue valid certificates.
Text-form, as output from openssl command (see the image below for how it is likely shown in your browser).
Subject: OU=GT46404713, OU=See www.rapidssl.com/resources/cps (c)14, OU=Domain Control Validated - RapidSSL(R), CN=squirrelmail.fysh.org Issuer: C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G3 Validity Not Before: Dec 2 10:52:59 2014 GMT Not After : Dec 4 17:37:38 2015 GMT SHA256 Fingerprint=47:C0:69:EB:05:93:76:24:1F:5E:B3:61:EB:DE:FA:F0:8B:D9:F9:44:68:09:F1:F4:6E:5C:C9:52:DA:12:F1:1B SHA1 Fingerprint=82:25:FB:94:F2:7C:A7:F3:9F:DE:9B:90:8D:74:D4:91:B8:EF:51:0F MD5 Fingerprint=F2:8F:8F:86:C6:34:D1:AC:43:1C:4B:00:BF:D6:06:5E
What Google Chrome thinks it is:
mail.fysh.org
Again we do present the certificate with the requisite extra 'chain' certificates. Hopefully any email clients will make use of that and not alert you to any issues with the certificate.
Text-form, as output from openssl command.
Subject: OU=GT49397167, OU=See www.rapidssl.com/resources/cps (c)14, OU=Domain Control Validated - RapidSSL(R), CN=mail.fysh.org Issuer: C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G3 Validity Not Before: Dec 2 11:00:21 2014 GMT Not After : Dec 5 08:58:53 2015 GMT SHA256 Fingerprint=46:0B:E1:EA:75:F5:5C:B3:4D:8A:1B:80:2A:FA:65:97:43:C0:63:5B:7C:85:24:26:A5:DE:73:A5:14:F4:E5:2E SHA1 Fingerprint=C0:70:76:AE:B2:76:84:15:CB:20:D5:41:1C:18:68:B1:BA:1F:F3:D9 MD5 Fingerprint=4A:9D:92:C0:05:C6:0A:67:CC:C0:65:62:BC:D0:C0:4E
No image of this one as it won't appear in a browser anyway.