[tech] *.ucc.asn.au showing up as invalid in firefox
James Taylor
james at jtaylor.id.au
Fri Jan 23 15:37:30 AWST 2015
On 2015/01/23 17:51, Mitchell Pomery wrote:
> As [MSH] Pointed out, both secure.ucc and member domains needed the
> update applied too.
>
> To avoid having to make a million changes whenever our SSL Cert changes, I
> created ssl-ucc.conf in /etc/apache2/
>
> default, secure and zonemake.py were all updated to refer to this file.
> Now when you update the references to SSL cert files in that file, it will
> apply for all SSL sites that include it, meaning only one file needs to be
> changed.
>
> Remember to restart apache after modifying configs
>
> [BG3]
>
> On Fri, 23 Jan 2015, Mitchell Pomery wrote:
>
>> *.ucc.asn.au was showing up as having an invalid certificate in firefox
>> since we updated the certificate.
>>
>> To fix this, the ssl config in apache needed SSLCertificateChainFile
>> updated to reflect the new Cert chain.
>>
>> See mussel:/etc/apache2/sites-available/default
>>
>> I've added a note for the next person.
>>
>> [BG3]
>> _______________________________________________
>> List Archives: http://lists.ucc.gu.uwa.edu.au/pipermail/tech
>>
>> Unsubscribe here: http://lists.ucc.gu.uwa.edu.au/mailman/options/tech/bobgeorge33%40ucc.asn.au
>>
> _______________________________________________
> List Archives: http://lists.ucc.gu.uwa.edu.au/pipermail/tech
>
> Unsubscribe here: http://lists.ucc.gu.uwa.edu.au/mailman/options/tech/james%40jtaylor.id.au
HSTS might be something to look into. There is also a preload list
https://hstspreload.appspot.com/ (note: this would mean all subdomains
would require SSL) that you can use too.
[JTK]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
Url : http://lists.ucc.gu.uwa.edu.au/pipermail/tech/attachments/20150123/a3ca8f8f/attachment.sig
More information about the tech
mailing list