[SFS] MatterMost is encrypted!

Scelza, Jeffrey B Jeffrey.Scelza@charter.com
Mon, 23 Jan 2017 20:32:49 +0000


We are actually using Let's Encrypt (called CertBot now) on many different sites at Charter/TWC. Depending on your application/web container it will auto renew by just adding a script to /etc/crontab.monthly. The trick I learned for some of the servers is if you do a standalone then you need the full chain, including intermediate and CA, in a single file. The ordering of the certs/CA/Intermediate also seems to vary with haproxy, apache, nginx, etc. Hope that helps a bit.

FYI: All our customer facing sites are still using Symantec due to wanting higher verifications.


From: <sfs-admin@thegeek.nu> on behalf of "David L. Willson" <DLWillson@thegeek.nu>
Date: Monday, January 23, 2017 at 11:43 AM
To: Aaron Brown <aayore@gmail.com>
Cc: sfs <sfs@thegeek.nu>, "David L. Willson" <dlwillson@sofree.us>
Subject: Re: [SFS] MatterMost is encrypted!

Gandi's certs are trusted by default in all browsers. Ongoing administrative burden is lower.

I figured I can use Let's Encrypt for more hobbyish things.

I tried to install the cert into Zimbra for an hour. Failed at that.

--
David L. Willson
Teacher, Engineer, Evangelist
RHCE+Satellite CCAH Linux+ LPIC-1 SUSE_CLP LFCS
Mobile 720-333-LANS(5267)
http://sofree.us

This is a good time for a r3VOLution.

________________________________
Why did you choose Gandi instead of Let's Encrypt?

David L. Willson <dlwillson@sofree.us>
January 22, 2017 at 6:43 PM
Come hang out with us!

https://mattermost.sofree.us/signup_user_complete/?id=brmczfxbrjr15ggn7rwtpwgthy

Between Mike Shoup's mad nginx skillz, my mad PayPal skillz, and Gandi's automated SSL certificate registration process, our MatterMost server is now *encrypted*. Come hang out with us without the annoying feeling that somebody's watching you. If you're worth watching, they'll just have to watch you elsewhere.

--
David L. Willson
Teacher, Engineer, Evangelist
RHCE+Satellite CCAH Linux+ LPIC-1 SUSE_CLP LFCS
Mobile 720-333-LANS(5267)
http://sofree.us

This is a good time for a r3VOLution.

_______________________________________________
SFS mailing list
SFS@thegeek.nu
http://mailman.thegeek.nu/mailman/listinfo/sfs
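
An added example (not part of the original thread) for the full-chain tip in the top message: a shell check that a single-file PEM bundle is ordered leaf first, each certificate followed by its issuer, which is the order nginx expects in its combined certificate file. The certificates, file names and function names are constructed for the demo; it assumes the `openssl` CLI is installed and compares subject/issuer names only, not signatures.

```shell
#!/bin/sh
# Added example: verify a PEM bundle is ordered leaf -> intermediate -> root.
# Every certificate and name below is constructed for this demo.

# issue <dir> <name> <signer> <CN>: key + cert for <name>, signed by <signer>.
issue() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$4" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.pem" -CAkey "$1/$3.key" \
    -CAcreateserial -days 1 -out "$1/$2.pem" 2>/dev/null
}

# make_demo_chain <dir>: self-signed root, then intermediate, then leaf.
make_demo_chain() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Root" \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null &&
  issue "$1" int root "Constructed Intermediate" &&
  issue "$1" leaf int "Constructed Leaf"
}

# chain_in_order <bundle.pem>: succeed only if each certificate's issuer is the
# subject of the certificate that follows it (names only, no signature check).
chain_in_order() {
  openssl crl2pkcs7 -nocrl -certfile "$1" 2>/dev/null |
  openssl pkcs7 -print_certs -noout 2>/dev/null |
  awk '
    /^subject=/ { subj = substr($0, 9) }
    /^issuer=/  { n++
                  if (n > 1 && subj != prev) {
                    printf "cert %d (%s) did not issue cert %d\n", n, subj, n - 1
                    bad = 1
                  }
                  prev = substr($0, 8) }
    END { exit (bad || n == 0) }'
}

demo=$(mktemp -d)
make_demo_chain "$demo"
cat "$demo/leaf.pem" "$demo/int.pem" "$demo/root.pem" > "$demo/fullchain.pem"
cat "$demo/root.pem" "$demo/int.pem" "$demo/leaf.pem" > "$demo/reversed.pem"
for f in fullchain reversed; do
  if chain_in_order "$demo/$f.pem"; then echo "$f.pem: ordered"
  else echo "$f.pem: NOT ordered"; fi
done
```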


