Re^3: Certificate confusion (was: Clear text passwords)

by LanX (Cardinal)
on Jun 08, 2018 at 00:50 UTC (#1216159)

in reply to Re^2: All my links turned red (was: Clear text passwords)
in thread Clear text passwords

It's confusing: I sometimes get the * certificate for , which I have to accept manually.

Since I remember that we are using at least two servers for load balancing, my first guess is that one of the apaches has the wrong cert-file in place.

For me:

all other combinations I tried required a manual exception.


Forgot to test * with Firefox, but they seem to work fine with my mobile browser.

Cheers Rolf
(addicted to the Perl Programming Language :)
Wikisyntax for the Monastery

Replies are listed 'Best First'.
Re^4: Certificate confusion (was: Clear text passwords)
by trippledubs (Deacon) on Jun 08, 2018 at 06:17 UTC
    dig shows 3 IPs being round robin'd (robinned?). The Let's Encrypt SAN cert works on (www\.)?perlmonks\.(org)|(com)|(net), but the pairsite wildcard cert will only work on the pairsite domain, one subdomain deep. So will not work, authentication wise, with either cert. 3 Servers, 8 urls, 2 certs, one of which expires every 90 days, not the most enjoyable way to spend free time, I'm sure.

      Interestingly, it looks like it has been set up correctly on 2 of the 3 servers:

      $ host
      is an alias for
      has address
      has address
      has address
      $ openssl s_client -showcerts -servername -connect 2 </dev/null 2>&1| grep subject
      subject=/C=US/postalCode=15203/ST=Pennsylvania/L=Pittsburgh/street=Suite 510/street=2403 Sidney Street/O=pair Networks, Inc./OU=Provided by pair Networks/OU=PairWildcardSSL $250,000/CN=*
      $ openssl s_client -showcerts -servername -connect 6 </dev/null 2>&1| grep subject
      subject=/
      $ openssl s_client -showcerts -servername -connect 2 </dev/null 2>&1| grep subject
      subject=/

      There is more than one way to set up Apache to rewrite and find the cert.

      I'm sure the admins will find a stable way.

      The short term certificate is surely only meant for testing.

        The short term certificate is surely only meant for testing.

        Nope, that's how Let's Encrypt certs work. Why 90 days?
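
The situation discussed in this thread (round-robin backends, a multi-name SAN certificate, and a wildcard certificate that matches only one label deep) can be modelled offline. This is an added example, not code from any of the posts: the `pairsite.example` domain, the 192.0.2.x addresses, the list of eight hostnames and the per-backend certificate selection are all constructed assumptions.

```python
# Added example; all hostnames, IPs and certificate contents below are constructed.

def name_matches(pattern, host):
    """RFC 6125-style check: '*' is allowed only as the entire left-most
    label and stands for exactly one label (never the apex, never two)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return bool(h[0]) and p[1:] == h[1:]
    return p == h

def cert_covers(san_names, host):
    """True if any name in the certificate matches the requested host."""
    return any(name_matches(n, host) for n in san_names)

# Let's Encrypt style SAN certificate: apex and www for three TLDs.
SAN_CERT = [w + "perlmonks." + tld
            for tld in ("org", "com", "net") for w in ("", "www.")]
# Wildcard certificate; "pairsite.example" is a placeholder domain.
WILDCARD_CERT = ["*.pairsite.example"]

HOSTNAMES = SAN_CERT + ["perlmonks.pairsite.example",
                        "www.perlmonks.pairsite.example"]

def by_sni(host):
    """Intended behaviour: choose the certificate from the requested name."""
    return WILDCARD_CERT if host.endswith(".pairsite.example") else SAN_CERT

def always_wildcard(host):
    """Misconfigured backend: same certificate whatever name is requested."""
    return WILDCARD_CERT

# Three round-robin backends (documentation IPs), one of them misconfigured.
BACKENDS = {"192.0.2.1": always_wildcard,
            "192.0.2.2": by_sni,
            "192.0.2.3": by_sni}

def audit(backends, hostnames):
    """Return {ip: [hostnames that would trigger a name-mismatch warning]}."""
    return {ip: [h for h in hostnames if not cert_covers(pick(h), h)]
            for ip, pick in backends.items()}

if __name__ == "__main__":
    for ip, bad in audit(BACKENDS, HOSTNAMES).items():
        print(ip, "mismatch for:", ", ".join(bad) or "none")
```

In this model the warning is intermittent because it appears only when DNS hands out the misconfigured backend, and the two-label-deep name fails on every backend because neither certificate covers it.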
