Re: [time-nuts] Febo.com SSL certificate expired

2010-10-18 Thread Dr. David Kirkby

On 10/18/10 03:21 AM, Oz-in-DFW wrote:

> I used these guys for $9:
>
> http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html
>
> It was worth it to not have to walk people through accepting a
> self-signed cert.


But the more people that fork out, the less common self-signed certificates 
become, so the more the inclination of people to shell out for these things.


Not only that, but it's $9 this year, and more next year. Each year you have to 
mess around with the certificate.


In contrast Mickey Mouse can be persuaded to sign one for 10 years (perhaps even 
longer) for $0.00.


Dave

___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.


Re: [time-nuts] Febo.com SSL certificate expired

2010-10-18 Thread Oz-in-DFW


On 10/18/2010 6:54 AM, Dr. David Kirkby wrote:
> On 10/18/10 03:21 AM, Oz-in-DFW wrote:
>> I used these guys for $9:
>>
>> http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html
>>
>> It was worth it to not have to walk people through accepting a
>> self-signed cert.
>
> But the more people that fork out, the less common self-signed
> certificates become, so the more the inclination of people to shell
> out for these things.
>
> Not only that, but it's $9 this year, and more next year. Each year
> you have to mess around with the certificate.
>
> In contrast Mickey Mouse can be persuaded to sign one for 10 years
> (perhaps even longer) for $0.00.
>
> Dave

I understand all of this and ran with a self-signed cert for several
years. The fact is that several of my customers needed support to make
this work, and more than one of their IT departments don't allow self
signed certs.  It's a tradeoff like so many other things. 

-- 
mailto:o...@ozindfw.net
Oz
POB 93167 
Southlake, TX 76092 (Near DFW Airport) 







Re: [time-nuts] Febo.com SSL certificate expired

2010-10-17 Thread Oz-in-DFW
I used these guys for $9:

http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html

It was worth it to not have to walk people through accepting a
self-signed cert.


On 10/15/2010 2:36 AM, David C. Partridge wrote:
> Subject says all
>
> Dave



-- 
mailto:o...@ozindfw.net
Oz
POB 93167 
Southlake, TX 76092 (Near DFW Airport) 






[time-nuts] Febo.com SSL certificate expired

2010-10-15 Thread David C. Partridge
Subject says all

Dave




Re: [time-nuts] Febo.com SSL certificate expired

2010-10-15 Thread Bob Camp
Hi

There's a couple of coupons running around for cheap SSL's. They are in the 
two meals at the burger joint per year range. I can forward the details off 
list if anybody needs them. I see no reason to spam the list with details of 
who and how much.

Of course self signed certificates are cheaper still

Bob


On Oct 15, 2010, at 3:36 AM, David C. Partridge wrote:

> Subject says all
>
> Dave
 
 


Re: [time-nuts] Febo.com SSL certificate expired

2010-10-15 Thread Jason Rabel
Why bother buying a cert? Just create a self-signed one (and you can make it 
for like 10+ years)... It's not like he's selling stuff
from his website...





Re: [time-nuts] Febo.com SSL certificate expired

2010-10-15 Thread Bob Camp
Hi

It's a crazy world when it comes to self signed certs. 

You have at least 5 OS's you need to consider (MS, Linux/FBSD, OS-X, I-OS, 
Android). You need to think about both browsers and mail clients. Each of those 
come from a half dozen sources on each platform. Then you have configuration 
options on each. That's a lot of combinations. 

Each combo seems to have a different idea of what not to do when they see a 
self signed cert. If you want to be able to handle all of them, even real 
certs may have issues. There are indeed several common combo's that are a major 
pain with a self signed cert. 

No, I didn't write any of the code with the problems in it. I also don't want 
to get into the details of what and where. This really isn't the forum for that 
sort of thing. I'm not out to bash any particular solution, only to point out 
that there are indeed issues. 

Bob

On Oct 15, 2010, at 3:00 PM, Jason Rabel wrote:

> Why bother buying a cert? Just create a self-signed one (and you can make it 
> for like 10+ years)... It's not like he's selling stuff
> from his website...
 
 
 


Re: [time-nuts] Febo.com SSL certificate expired

2010-10-15 Thread Magnus Danielson

On 10/16/2010 12:08 AM, Bob Camp wrote:

> Hi
>
> It's a crazy world when it comes to self signed certs.
>
> You have at least 5 OS's you need to consider (MS, Linux/FBSD, OS-X, I-OS, 
> Android). You need to think about both browsers and mail clients. Each of those 
> come from a half dozen sources on each platform. Then you have configuration 
> options on each. That's a lot of combinations.
>
> Each combo seems to have a different idea of what not to do when they see a self signed 
> cert. If you want to be able to handle all of them, even real certs may have 
> issues. There are indeed several common combo's that are a major pain with a self signed 
> cert.
>
> No, I didn't write any of the code with the problems in it. I also don't want 
> to get into the details of what and where. This really isn't the forum for that 
> sort of thing. I'm not out to bash any particular solution, only to point out 
> that there are indeed issues.


To handle part of the mess, we have set up our local root cert at the 
computer club, and then sign our server certs to that. I did a major 
overhaul on the infrastructure for that. It is still not real safety 
routines, but ah well. We provide a cert download which quickly solves 
the cert issue with most browsers.


Seems to work for our myriad of server and client OSes and clients.

There are various ways to get real root certs, but depending on degree 
of uhm... safety... it may be argued of their capabilities. There are 
efforts to build a chain of trust for a stable free root cert, but it is 
so far not included in any major browsers.


Essentially it's a mess. I've only scratched the surface here.

Cheers,
Magnus



Re: [time-nuts] Febo.com SSL certificate expired

2010-10-15 Thread Bob Camp
Hi

The issue is as much defective software as anything else. There simply aren't 
enough self signed situations out there to drive a problem up their solution 
list. 

The gotcha is the good old "but my software works with everything else". May be 
easy to get around that with the technically inclined. Not so much when the 
customer is mom.

Bob


On Oct 15, 2010, at 7:00 PM, Magnus Danielson wrote:

> On 10/16/2010 12:08 AM, Bob Camp wrote:
>> Hi
>>
>> It's a crazy world when it comes to self signed certs.
>>
>> You have at least 5 OS's you need to consider (MS, Linux/FBSD, OS-X, I-OS, 
>> Android). You need to think about both browsers and mail clients. Each of 
>> those come from a half dozen sources on each platform. Then you have 
>> configuration options on each. That's a lot of combinations.
>>
>> Each combo seems to have a different idea of what not to do when they see a 
>> self signed cert. If you want to be able to handle all of them, even real 
>> certs may have issues. There are indeed several common combo's that are a 
>> major pain with a self signed cert.
>>
>> No, I didn't write any of the code with the problems in it. I also don't 
>> want to get into the details of what and where. This really isn't the forum 
>> for that sort of thing. I'm not out to bash any particular solution, only to 
>> point out that there are indeed issues.
>
> To handle part of the mess, we have set up our local root cert at the computer 
> club, and then sign our server certs to that. I did a major overhaul on the 
> infrastructure for that. It is still not real safety routines, but ah well. 
> We provide a cert download which quickly solves the cert issue with most 
> browsers.
>
> Seems to work for our myriad of server and client OSes and clients.
>
> There are various ways to get real root certs, but depending on degree of 
> uhm... safety... it may be argued of their capabilities. There are efforts to 
> build a chain of trust for a stable free root cert, but it is so far not 
> included in any major browsers.
>
> Essentially it's a mess. I've only scratched the surface here.
>
> Cheers,
> Magnus
 


Re: [time-nuts] Febo.com SSL certificate expired

2010-10-15 Thread John Ackermann N8UR

Jason Rabel said the following on 10/15/2010 03:00 PM:

> Why bother buying a cert? Just create a self-signed one (and you can make it 
> for like 10+ years)... It's not like he's selling stuff
> from his website...


And that's what the old cert was.  I will create a new one as soon as I 
get a chance (I'm traveling for a couple of days so it may be a bit).


I thought the last time I gen'd the cert it was for 10 years, but it's 
possible that a software update may have resulted in creating a new one 
with the default 1-year lifetime.


John



Re: [time-nuts] Febo.com SSL certificate expired

2010-10-15 Thread Bob Camp
Hi

One example of self signed issues:

Oct 15 19:57:16 vps postfix/smtpd[24030]: disconnect from 
localhost.localdomain[127.0.0.1]
Oct 15 19:57:16 vps amavis[20436]: (20436-10) Passed CLEAN, [173.163.57.9] 
[173.163.57.9] li...@rtty.us - j...@febo.com, Message-ID: 
d196153f-7f6b-4e3d-b9ce-dd43176d5...@rtty.us, mail_id: giFaXckeIyKN, Hits: 0, 
size: 4061, queued_as: 1075AB3B0046, 589 ms
Oct 15 19:57:16 vps postfix/lmtp[24019]: 4734CB3B0044: to=j...@febo.com, 
relay=127.0.0.1[127.0.0.1]:10024, delay=0.86, delays=0.26/0.01/0/0.59, 
dsn=2.0.0, status=sent (250 2.0.0 Ok, id=20436-10, from MTA([127.0.0.1]:10025): 
250 2.0.0 Ok: queued as 1075AB3B0046)
Oct 15 19:57:16 vps postfix/qmgr[23779]: 4734CB3B0044: removed
Oct 15 19:57:16 vps postfix/smtp[24031]: certificate verification failed for 
meow.febo.com: num=18:self signed certificate
Oct 15 19:57:21 vps postfix/smtp[24031]: 1075AB3B0046: to=j...@febo.com, 
relay=meow.febo.com[64.34.184.112]:25, delay=5.2, delays=0.01/0.01/0.43/4.7, 
dsn=2.0.0, status=sent (250 OK id=1P6u9E-00036G-Gx)
Oct 15 19:57:21 vps postfix/qmgr[23779]: 1075AB3B0046: removed

Sorry to pick on John when he can't do anything, but the timing was perfect.

Bob


On Oct 15, 2010, at 7:53 PM, John Ackermann N8UR wrote:

> Jason Rabel said the following on 10/15/2010 03:00 PM:
>> Why bother buying a cert? Just create a self-signed one (and you can make it 
>> for like 10+ years)... It's not like he's selling stuff
>> from his website...
>
> And that's what the old cert was.  I will create a new one as soon as I get a 
> chance (I'm traveling for a couple of days so it may be a bit).
>
> I thought the last time I gen'd the cert it was for 10 years, but it's 
> possible that a software update may have resulted in creating a new one with 
> the default 1-year lifetime.
>
> John
 
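
Added example, not part of the original thread: in the Postfix log quoted above, smtp[24031] reports "certificate verification failed ... num=18:self signed certificate" and the same process then logs status=sent for that relay. The Python sketch below pairs those two line types so an operator can list mail that was delivered to a relay whose certificate did not verify. The log lines are constructed (placeholder hosts, addresses and queue IDs modelled on the quoted format), and the function name is hypothetical.

```python
import re

# Constructed sample in the format of the quoted log; all hosts, addresses
# and queue IDs are placeholders, not values from the thread.
SAMPLE_LOG = """\
Oct 15 19:57:16 vps postfix/smtp[24031]: certificate verification failed for mx.example.org: num=18:self signed certificate
Oct 15 19:57:21 vps postfix/smtp[24031]: 1075AB3B0046: to=<user@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=5.2, dsn=2.0.0, status=sent (250 OK)
Oct 15 19:58:02 vps postfix/smtp[24040]: 2A11CB3B0051: to=<other@example.net>, relay=mail.example.net[198.51.100.7]:25, delay=1.1, dsn=2.0.0, status=sent (250 OK)
Oct 15 19:59:10 vps postfix/smtp[24052]: certificate verification failed for mx.example.com: num=10:certificate has expired
Oct 15 19:59:12 vps postfix/smtp[24052]: 3B22DB3B0063: to=<third@example.com>, relay=mx.example.com[203.0.113.5]:25, delay=2.0, dsn=2.0.0, status=sent (250 OK)
"""

VERIFY_FAIL = re.compile(
    r"postfix/smtp\[(?P<pid>\d+)\]: certificate verification failed for "
    r"(?P<host>[^:\s]+): num=(?P<num>\d+):(?P<reason>.+)$")
DELIVERY = re.compile(
    r"postfix/smtp\[(?P<pid>\d+)\]: (?P<qid>[0-9A-F]+): to=<?(?P<rcpt>[^>,]+)>?, "
    r"relay=(?P<host>[^\[\s,]+)\[.*?status=(?P<status>\w+)")


def unverified_deliveries(log_text):
    """Return deliveries marked sent after a TLS verification failure
    logged by the same smtp process for the same relay host."""
    pending = {}    # (pid, relay host) -> (OpenSSL verify error number, text)
    findings = []
    for line in log_text.splitlines():
        fail = VERIFY_FAIL.search(line)
        if fail:
            pending[(fail["pid"], fail["host"])] = (
                int(fail["num"]), fail["reason"].strip())
            continue
        sent = DELIVERY.search(line)
        if not sent:
            continue
        failure = pending.pop((sent["pid"], sent["host"]), None)
        if failure and sent["status"] == "sent":
            findings.append({"queue_id": sent["qid"], "relay": sent["host"],
                             "verify_error": failure[0], "reason": failure[1]})
    return findings


if __name__ == "__main__":
    for item in unverified_deliveries(SAMPLE_LOG):
        print(item)
```

Error number 18 is OpenSSL's code for a self-signed leaf certificate and 10 is its code for an expired one, so the same pairing covers both situations discussed in the thread.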