Conversation
-
@erkan@fediverse.com Err, your *.fediverse.com cert doesn't work because it is asterisk DOT fediverse.com, you should put the bare domain in a subjectAltName or cert test will fail on mismatched domain (even though accepting self-signed).
-
to ALL: so, before I am going to make a new self-signed #certificate, what other options do people recommend? some restrictions by me: 1. which doesn't #cost me (now and later when something like heartbleed happens) 2. it should at the same time also work for my #subdomains (like a wildcard does)
-
I'm using cacert.org ^^
-
thx, let me look there now (meanwhile: do you know if they would meet my 2 requirements?)
-
Yeah, get a #CAcert account - they are super easy and fast to get new certificates with. And you don't have to add every single one of your self-signed certificates in the trust db - just CAcert's root.
To start with you can only make certificates for 6 months ("class1"), but if you meet with "assurers" you get community points and can issue "class3" certificates which are valid for 2-3 years or something.
-
#class3 #CAcert is for 2 years (just checked with my cert on social.umeahackerspace.se)
-
otoh, in conformance to my motto today (1), looking at: https://github.com/letsencrypt/lets-encrypt-preview (1) "living safe is boring"
-
Oh right, they have a test CA out. Great, they probably need more testers!
-
I'm an #assurer myself and can sign off as many points as possible I think (or maybe the second stage). So we could assure each other :]
I wish I was going to #FOSDEM, then I could've travelled around in Europe a bit as well, but 1. I'm not that rich 2. I've got work that weekend (because of 1. :P)
-
!status - updated the self-signed ssl certificate (and checked: we get posts from quitter dot es now :-))
-
have to still wait for more, but I think quitter dot es users I subscribed to before the new cert: I am not getting their dents
-
example: https://fediverse.com/conversation/444465
-
SHA1 fingerprint of the ssl here: 18:AC:86:E4:D1:AB:FF:AA:D2:93:6D:B6:13:85:A7:8D:2B:8E:A7:57
-
I assume you are referring to (1): the !gs instance running here. when you hover over my nick on your instance you should see something like user @ domain. (1) https://fediverse.com/conversation/415862#notice-475178
-
yes, I just updated it under (3), but since the attacker might change data on the same server, I prefer using the wiki (on another server).
-
well, I had one first made, used info from 2-3 guides (like (1)) with same approach, but apparently it was wrong, see (2). (1) http://frankkoehl.com/2012/02/create-self-signed-wildcard-ssl-certificate/ (2) https://social.umeahackerspace.se/notice/176463
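The name mismatch raised in the first notice of this thread, as an added example that is not from any participant: a simplified RFC 6125-style check showing that a certificate naming only `*.fediverse.com` does not cover the bare domain until `fediverse.com` is listed as a second subjectAltName entry. The function names and the subdomain hostnames are assumptions made for illustration; internationalized names and partial-label wildcards are deliberately not supported.

```python
# Added example: hostname matching against certificate DNS names.
# Function names and sample hostnames are hypothetical, constructed for this sketch.

def name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name (possibly a wildcard) against a hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so the label counts must be equal.
    # This is why "*.fediverse.com" (3 labels) cannot match "fediverse.com" (2 labels).
    if len(p_labels) != len(h_labels):
        return False
    # Everything to the right of the left-most label must match literally.
    if p_labels[1:] != h_labels[1:]:
        return False
    first = p_labels[0]
    if first == "*":
        # Only a whole left-most label may be a wildcard, and it needs a non-empty label.
        return h_labels[0] != ""
    # Partial wildcards such as "w*" are rejected in this simplified check.
    return "*" not in first and first == h_labels[0]


def cert_covers(san_dns_names, hostname: str) -> bool:
    """True if any DNS name in the certificate's subjectAltName covers the hostname."""
    return any(name_matches(name, hostname) for name in san_dns_names)


def report(san_dns_names, hostnames):
    """Map each hostname to whether the given set of SAN entries covers it."""
    return {host: cert_covers(san_dns_names, host) for host in hostnames}


# Constructed SAN lists: the wildcard alone, and the wildcard plus the bare domain.
WILDCARD_ONLY = ["*.fediverse.com"]
WILDCARD_PLUS_BARE = ["*.fediverse.com", "fediverse.com"]
# Constructed hostnames a client might connect to.
HOSTS = ["fediverse.com", "www.fediverse.com", "a.b.fediverse.com"]

if __name__ == "__main__":
    for label, names in (("wildcard only", WILDCARD_ONLY),
                         ("wildcard + bare domain", WILDCARD_PLUS_BARE)):
        print(label)
        for host, ok in report(names, HOSTS).items():
            print(f"  {host:22} {'match' if ok else 'MISMATCH'}")
```

Neither SAN list covers `a.b.fediverse.com`, because the wildcard only ever replaces a single label.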