Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options
 
PerlMonks  

Re^4: Certificate confusion (was: Clear text passwords)

by trippledubs (Deacon)
on Jun 08, 2018 at 06:17 UTC ( #1216168=note: print w/replies, xml ) Need Help??


in reply to Re^3: Certificate confusion (was: Clear text passwords)
in thread Clear text passwords

dig shows 3 IPs being round robin'd (robinned?). The Let's Encrypt SAN cert works on (www\.)?perlmonks\.(org)|(com)|(net), but the pairsite wildcard cert will only work on the pairsite domain, one subdomain deep. So www.perlmonks.pairsite.com will not work, authentication wise, with either cert. 3 Servers, 8 urls, 2 certs, one of which expires every 90 days, not the most enjoyable way to spend free time, I'm sure.

Replies are listed 'Best First'.
Re^5: Certificate confusion (was: Clear text passwords)
by rnewsham (Curate) on Jun 09, 2018 at 07:12 UTC

    Interestingly it looks like it has been setup correctly on 2 of the 3 servers

    $ host www.perlmonks.org www.perlmonks.org is an alias for perlmonks.org. perlmonks.org has address 209.197.123.153 perlmonks.org has address 66.39.54.27 perlmonks.org has address 216.92.34.251 $ openssl s_client -showcerts -servername www.perlmonks.org -connect 2 +09.197.123.153:443 </dev/null 2>&1| grep subject subject=/C=US/postalCode=15203/ST=Pennsylvania/L=Pittsburgh/street=Sui +te 510/street=2403 Sidney Street/O=pair Networks, Inc./OU=Provided by + pair Networks/OU=PairWildcardSSL $250,000/CN=*.pairsite.com $ openssl s_client -showcerts -servername www.perlmonks.org -connect 6 +6.39.54.27:443 </dev/null 2>&1| grep subject subject=/CN=perlmonks.org $ openssl s_client -showcerts -servername www.perlmonks.org -connect 2 +16.92.34.251:443 </dev/null 2>&1| grep subject subject=/CN=perlmonks.org
Re^5: Certificate confusion (was: Clear text passwords)
by KurtZ (Friar) on Jun 08, 2018 at 07:51 UTC
    There is more than one way to set up Apache to rewrite and find the cert.

    I'm sure the admins will find a stable way.

    The short term certificate is surely only meant for testing.

      The short term certificate is surely only meant for testing.

      Nope, that's how Let's Encrypt certs work. Why 90 days?

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1216168]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others meditating upon the Monastery: (8)
As of 2021-01-20 17:20 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Notices?