The Mental Militia Forums

Please login or register.

Login with username, password and session length
Pages: 1 ... 7 8 [9]   Go Down

Author Topic: TCF SSL Access  (Read 69436 times)

Bill St. Clair

  • Techie
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 6828
    • End the War on Freedom
Re: TCF SSL Access
« Reply #120 on: June 26, 2014, 03:26:50 pm »

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Our SSL certificate expired. I renewed it.

Serial Number: 996305 (0xf33d1)
Issuer: O=Root CA, OU=http://www.cacert.org,
        CN=CA Cert Signing Authority/emailAddress=support@cacert.org
Validity
    Not Before: Jun 26 20:15:29 2014 GMT
    Not After : Dec 23 20:15:29 2014 GMT
Fingerprint
  SHA1: 7E:7C:9C:5F:BA:2D:AB:6D:E9:2E:F8:23:05:DF:6E:18:66:D5:68:44
  MD5:  5E:BA:0D:92:E7:5D:19:D0:0E:36:42:40:D6:94:80:68
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)

iQIcBAEBAgAGBQJTrIIDAAoJENim99wXg5awrbAP/346mITyf+Bc/S13W60NAG73
crOYZV+IXP2/qB5E68tMC7cWYpYZvFP1CWpsjFFAX6Q/df4IDjSMtwBQ7HKHhzgP
o7UN+1p1UEMxJzmqywlEc7Tu3Vb1+m1a9eTOH9PUhuTHmYZ2agcBBVSZDyM9bgY9
QrEm7O4bIptmBMRVpFby9Bf9cdS4YGtHVTsMnQ7VN+esXs/bZzzQUTYATlH9W+ms
vdY0Yvv6OwpewRjRz+tteDsBKSojsIfznIHGnjRn5yGhCa5sb+LpmmBwjdEqty3v
8Fvt/WGdJQ2mXcponrP2sPdzMVdESjFs06WiHg9Jc7NzI005o5FBpMzDtUM6oYJD
9X+gEBGT74Id8P7Ik/updgh+BLuXkBay9VME4TzpwkewWTHO08RiOnxUQm9CG6M5
CZDqtzOOie5aTm6Zxk4Y7W7KmLDRgcaSVe44TYvhiKYzLgX1S1W07J3POcxmC4wR
7+sdHd4mywNK1VtyhBYsqnH80Tox/j6opEQ/Vlojj7+JZCa2yS8/IPn4lsnF3+NS
bRH6VpMGuomqfV279veP90Vf7tqmqWKr0GCJCf8vdNJaRtMjp3VuLfyrLxG/VYsj
YKGAnfuTnNIE0FZZnOc8DIpSFKlDeLJgX7mbQZDGxdFMTblzOLTjzviutxvLDnCp
ZV2Je2Mfxx+NTLoP0owJ
=KGnR
-----END PGP SIGNATURE-----
Logged
"The state can only survive as long as a majority is programmed to believe that theft isn't wrong if it's called taxation or asset forfeiture or eminent domain, that assault and kidnapping isn't wrong if it's called arrest, that mass murder isn't wrong if it's called war." -- Bill St. Clair

"Separation of Earth and state!" -- Bill St. Clair

DiabloLoco

  • Guest
Re: TCF SSL Access
« Reply #121 on: June 26, 2014, 03:31:03 pm »

Thanks! Keep up the good work Bill! :mellow:
Logged

Bill St. Clair

  • Techie
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 6828
    • End the War on Freedom
Re: TCF SSL Access
« Reply #122 on: October 15, 2014, 09:51:58 am »

A new SSL vulnerability, POODLE, is in the news. I changed our Apache web server's SSL configuration to mitigate. It no longer supports IE 6, so if you're using that, why?

I used the recommended Apache configuration at https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
I tested it at https://www.ssllabs.com/ssltest/

The testing revealed, no surprise, that our certificate is untrusted. I know that. That's why I publish the certificate information in this thread. That actually makes us MORE secure than certificates signed by random authorities.
Logged
"The state can only survive as long as a majority is programmed to believe that theft isn't wrong if it's called taxation or asset forfeiture or eminent domain, that assault and kidnapping isn't wrong if it's called arrest, that mass murder isn't wrong if it's called war." -- Bill St. Clair

"Separation of Earth and state!" -- Bill St. Clair

Bill St. Clair

  • Techie
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 6828
    • End the War on Freedom
Re: TCF SSL Access
« Reply #123 on: December 22, 2014, 04:30:06 pm »

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Our SSL certificate was about to expire. I renewed it.

Serial Number: 1048071 (0xffe07)
Signature Algorithm: sha512WithRSAEncryption
Issuer: O=Root CA, OU=http://www.cacert.org,
  CN=CA Cert Signing Authority/emailAddress=support@cacert.org
Validity
  Not Before: Dec 22 22:20:37 2014 GMT
  Not After : Jun 20 22:20:37 2015 GMT
Fingerprint
  SHA1: 3F:89:10:7A:5B:35:19:A8:06:78:F3:22:38:46:38:AB:C5:7D:DE:7D
  MD5:  F1:A3:73:F6:C9:6B:06:2B:25:20:CF:0D:14:A1:90:6F
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)

iQIcBAEBAgAGBQJUmJtkAAoJENim99wXg5awcCYQAJnhlp3Dd4jTFjuyFYdbcMCM
yhChvAxn6zIYbWsTkXqerIoY2g5qvnul72x99RplMiJQXz2CEYpAl0e5mR5osmsu
1RT1HT4me+WUhexJyxqRRZd/ojyM2GhTxGtE/Z3RNRRCdwUv38QADjW9lyXSB2NL
5AUEaT6JL8suY8M1L3HEVNhSG+eY9HHWIk9vpBKzKTClY+IhWbjBuhDq/HeN1F3G
/wPguZpjC5BRjZpFURblYDRaporNaWNiSpVgaZqAUvJy3bJ0l5/iGdsiJzL61Jks
BjLMvj8NQ75CtN7PT03ltl7lq9MKEmdQcHqZIprIUt2M8xbtBGC41i7NXQagk3iA
rGphQCe4Lp55Fo++CBq0oCoSmeDyoyCG/dxxDGKA+7eECBKrPp6yNayRCXODZW4p
qmw+rvw6HLW68wCAhgch8fv7H2glubcW9c+Q6qwJOVuAdoeqgYadfajtZLkHpVt4
+7hnAsqJWiFK4bNY3Ib+TEVvZ0LRgMztEow+/GsC2NTtV5peebJLa1aO4PfVlmjJ
zSwYvzbN1rsImh6VyjxZpKP1MKNdH1Y81VpL5UpjfuOxiPvsmkyRD4njiwtj+xPQ
IaICgeS6VkO/KZQbh/Hlmm9GlYY/FtC2oimZtFkqRw6bD4GzIcv1qQ9PfR1wGaCX
qjjow5t2jszKege/k6Bw
=ZdbQ
-----END PGP SIGNATURE-----
Logged
"The state can only survive as long as a majority is programmed to believe that theft isn't wrong if it's called taxation or asset forfeiture or eminent domain, that assault and kidnapping isn't wrong if it's called arrest, that mass murder isn't wrong if it's called war." -- Bill St. Clair

"Separation of Earth and state!" -- Bill St. Clair

Elias Alias

  • Administrator
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 4891
  • TMM
Re: TCF SSL Access
« Reply #124 on: December 22, 2014, 10:34:49 pm »

Thank you, Bill.

Salute!
Logged
"Heirs to self-knowledge shed gently their fears..."

Bill St. Clair

  • Techie
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 6828
    • End the War on Freedom
Re: TCF SSL Access
« Reply #125 on: May 05, 2015, 01:20:23 pm »

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I got a new SSL certificate signed by StartCom.
This certificate authority is in more browsers than cacert.org,
so should cause fewer browsers to complain.

Serial Number: 1587764054678957 (0x5a41020775dad)
Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing,
        CN=StartCom Class 1 Primary Intermediate Server CA
Validity
  Not Before: May  4 20:54:22 2015 GMT
  Not After : May  5 10:11:38 2016 GMT
Fingerprint
  SHA-256: 28:7E:86:E5:7D:88:68:62:0A:E0:F0:3D:A3:4C:7A:EA:
           BD:55:51:98:88:65:28:90:4E:E8:F6:02:A3:82:D7:C3
  SHA1:    1A:3A:4C:B8:94:CD:86:0C:70:2E:B2:BA:47:11:BF:FD:0C:3A:BA:03
  MD5:     43:7D:52:EE:C8:3B:D2:89:1A:1D:3A:70:7D:54:89:55
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)

iQIcBAEBAgAGBQJVSQnXAAoJENim99wXg5awKmIQAJ2b9VKu4JlckWevyWhyw5wE
zD5O2upUrHqyqA1PS2S36BCx5an+Dzkk9AGzEVTKyyRZ30SgT92Ai7kiqrhPQsRb
cFOeoWCAS3iCFzMteasp2BnbuMSGIOASy3JYUGXPnjabpMKAONS/BMoTO6jBD1+t
CTqccfec3sbH3JFJ5nSm8gUSkKjMqfaRZYIy38rjdPMSQhhsdD0giMaIx4D9u0fL
PlijtNmbtGIolL4C+BFc/yWKhCd8RXG71J1Uueg2B3agGdzGN+qsaRGpb0A9vhow
KtsZIKLch8uOLx2xQd3BEa1LgDDgcbZRVQ+XMBK4QVjz4eg77nX+UYWzQ1xWPySI
V7EoXjJv2hg9SzaS+E8wJNgPBmGKc3MeMDGEocDOhXZtNqlYjd8LWtQAHq5ABlyl
Jw8NS2ybM7DncYTZ+fSuEe52rfEy931izqlDw+lnpAlTvFjUDIxdBKEZmpqSOufO
JmC2S5C9WKJvCcuQPiccNbKwzHvRuTWHxaML1UwbyfXi9FQz2cTDICS587/SSj0H
shSWrZ6jLW+wulibtxlkKCRq8SWOKeZvNDKgR/8M9sjTZWNIjPsdIlh5u4KibPNp
2T2PJ/vCVbFwM/iPwUEXU0b1NWIiY3CAEW9pGq1reWoNHRuCyUwb6v0oP7EaTpVr
Ygjlt9+nACPNFMx54Vho
=IxIW
-----END PGP SIGNATURE-----
Logged
"The state can only survive as long as a majority is programmed to believe that theft isn't wrong if it's called taxation or asset forfeiture or eminent domain, that assault and kidnapping isn't wrong if it's called arrest, that mass murder isn't wrong if it's called war." -- Bill St. Clair

"Separation of Earth and state!" -- Bill St. Clair

da gooch

  • Mr. Badger? Only when need be
  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 6868
  • 32*25' N X 77*05' W X 060 Mag
Re: TCF SSL Access
« Reply #126 on: May 07, 2015, 08:39:20 am »

Well Done Bill.

We rely upon your expertise for our connection.
Thank You.
Logged
"Come and Take It"  Gonzales, Texas 1835

     III

Bill St. Clair

  • Techie
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 6828
    • End the War on Freedom
Re: TCF SSL Access
« Reply #127 on: May 05, 2016, 06:48:55 am »

Back in April, I switched to https://LetsEncrypt.org for our SSL certificates. I only updated the cert for secure.thementalmilitia.com at that time. The one for thementalmilitia.com and www.thementalmilitia.com just expired, which I noticed when I attempted my daily view of new posts on the wiki. I updated those, too, with LetsEncrypt. Easiest SSL maintenance I've ever seen, once you figure out how to use it. And totally free.

I used to post here a signed version of the certificate details, every time I renewed. There was one member who explicitly tracked all SSL certificates in his browser, rather than relying on a certificate authority signature. If there is still someone who cares about that, let me know in this thread, and I'll start doing it again. If you don't know what I'm talking about, don't worry about it.
Logged
"The state can only survive as long as a majority is programmed to believe that theft isn't wrong if it's called taxation or asset forfeiture or eminent domain, that assault and kidnapping isn't wrong if it's called arrest, that mass murder isn't wrong if it's called war." -- Bill St. Clair

"Separation of Earth and state!" -- Bill St. Clair

Bill St. Clair

  • Techie
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 6828
    • End the War on Freedom
Re: TCF SSL Access
« Reply #128 on: July 17, 2016, 06:38:22 am »

I updated the LetsEncrypt SSL certificates for thementalmilitia.com, eliasalias.com, and thementalmilitia.net. This is supposed to be as easy as running the following, logged in as root:

Code: [Select]
letsencrypt renew
but I had made the root-local "letencrypt" script do the wrong thing, because it was the right thing when I first requested the certificates, and it took me a little while to figure that out. Next time, it WILL be that easy. I could make a cron job to do it automatically, but I like keeping my eye on it more closely.
Logged
"The state can only survive as long as a majority is programmed to believe that theft isn't wrong if it's called taxation or asset forfeiture or eminent domain, that assault and kidnapping isn't wrong if it's called arrest, that mass murder isn't wrong if it's called war." -- Bill St. Clair

"Separation of Earth and state!" -- Bill St. Clair

MamaLiberty

  • Administrator
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 25985
  • Non aggression, self ownership
    • The Price of Liberty
Re: TCF SSL Access
« Reply #129 on: July 17, 2016, 07:19:15 am »

but I like keeping my eye on it more closely.

And I, for one, am SOOOOO glad you are keeping an eye on it.  As for me, I didn't understand anything else you said. LOL
Logged
The lust to control the lives and property of others is the root of all evil.

Bill St. Clair

  • Techie
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 6828
    • End the War on Freedom
Re: TCF SSL Access
« Reply #130 on: December 20, 2016, 02:18:24 pm »

Responding to an email warning of impending expiration, I renewed our SSL certificate again. First, I updated to the newest version of LetsEnrypt. All went smoothly. It expires next on March 20 (three months from now).
Logged
"The state can only survive as long as a majority is programmed to believe that theft isn't wrong if it's called taxation or asset forfeiture or eminent domain, that assault and kidnapping isn't wrong if it's called arrest, that mass murder isn't wrong if it's called war." -- Bill St. Clair

"Separation of Earth and state!" -- Bill St. Clair

Bill St. Clair

  • Techie
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 6828
    • End the War on Freedom
Re: TCF SSL Access
« Reply #131 on: August 06, 2017, 05:26:44 am »

I updated the SSL certificate (likely twice since my last report). It now expires on November 4. Free thanks to LetsEncrypt.org.
Logged
"The state can only survive as long as a majority is programmed to believe that theft isn't wrong if it's called taxation or asset forfeiture or eminent domain, that assault and kidnapping isn't wrong if it's called arrest, that mass murder isn't wrong if it's called war." -- Bill St. Clair

"Separation of Earth and state!" -- Bill St. Clair

Bill St. Clair

  • Techie
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 6828
    • End the War on Freedom
Re: TCF SSL Access
« Reply #132 on: July 04, 2018, 09:09:41 am »

I updated the SSL certificate (again twice since my last report). It now expires on October 2. Free thanks to LetsEncrypt.org.
Logged
"The state can only survive as long as a majority is programmed to believe that theft isn't wrong if it's called taxation or asset forfeiture or eminent domain, that assault and kidnapping isn't wrong if it's called arrest, that mass murder isn't wrong if it's called war." -- Bill St. Clair

"Separation of Earth and state!" -- Bill St. Clair

Elias Alias

  • Administrator
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 4891
  • TMM
Re: TCF SSL Access
« Reply #133 on: July 06, 2018, 04:48:28 pm »

You are awesome, Bill.
Thank you.
Salute!
Elias Alias
Logged
"Heirs to self-knowledge shed gently their fears..."
Pages: 1 ... 7 8 [9]   Go Up