[SFS] MatterMost is encrypted!
Aaron Brown
aayore@gmail.com
Mon, 23 Jan 2017 14:55:02 -0700
I thought Let's Encrypt was still called Let's Encrypt, and CertBot is
just a client to perform the automation for you. Either way, I agree
that it's really easy once you get it set up. Lower ongoing
administrative burden and all that.
A note about Symantec:
http://arstechnica.com/security/2017/01/already-on-probation-symantec-issues-more-illegit-https-certificates/
I haven't had any trouble with browsers trusting Let's Encrypt certs.
https://letsencrypt.org/docs/certificate-compatibility/
Since Mozilla, Chrome, Facebook, etc. are all major sponsors, it seems
like they're pretty well-established at this point.
> Scelza, Jeffrey B <Jeffrey.Scelza@charter.com>
> January 23, 2017 at 1:32 PM
> We are actually using Let's Encrypt (Called CertBot now) on many
> different sites at Charter/TWC. Depending on your application/web
> container it will auto renew by just adding a script to
> /etc/crontab.monthly. The trick I learned for some of the servers
> is if you do a standalone then you need the full chain, including
> intermediate and CA, in a single file. The ordering of the
> certs/CA/Intermediate also seems to vary with haproxy, apache, nginx,
> etc. Hope that helps a bit.
>
> FYI: All our customer facing sites are still using Symantec due to
> wanting higher verifications.
>
> From: <sfs-admin@thegeek.nu> on behalf of "David L. Willson" <DLWillson@thegeek.nu>
> Date: Monday, January 23, 2017 at 11:43 AM
> To: Aaron Brown <aayore@gmail.com>
> Cc: sfs <sfs@thegeek.nu>, "David L. Willson" <dlwillson@sofree.us>
> Subject: Re: [SFS] MatterMost is encrypted!
>
> Gandi's certs are trusted by default in all browsers. Ongoing
> administrative burden is lower.
>
> I figured I can use Let's Encrypt for more hobbyish things.
>
> I tried to install the cert into Zimbra for an hour. Failed at that.
>
> --
> David L. Willson
> Teacher, Engineer, Evangelist
> RHCE+Satellite CCAH Linux+ LPIC-1 SUSE_CLP LFCS
> Mobile 720-333-LANS(5267)
> http://sofree.us
>
> This is a good time for a r3VOLution.
>
> ------------------------------------------------------------------------
>
> Aaron Brown <aayore@gmail.com>
> January 23, 2017 at 11:15 AM
> Why did you choose Gandi instead of Let's Encrypt?
>
>
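
The quoted tip about putting the full chain in a single file can be checked mechanically before a server is reloaded. The script below is an added example, not part of the thread: it assumes the common leaf-first layout (each certificate followed by its issuer), and the function names, file names and "Demo" certificates are all constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: check that a PEM bundle is ordered leaf -> intermediate -> root.
# It compares issuer and subject names only; it does not verify signatures.

# Build a throwaway root, intermediate and leaf in directory $1 (constructed data).
make_demo_chain() {
  local d=$1 name ca
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  ca=root
  for name in intermediate leaf; do
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo $name" \
      -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null
    openssl x509 -req -days 1 -in "$d/$name.csr" -CA "$d/$ca.pem" \
      -CAkey "$d/$ca.key" -CAcreateserial -out "$d/$name.pem" 2>/dev/null
    ca=$name
  done
}

# Print the subject or issuer ($1) of certificate file $2, without the label.
cert_name() {
  openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed 's/^[a-z]*= *//'
}

# Return 0 if every certificate in bundle $1 was issued by the one after it.
chain_order_ok() {
  local tmp n i rc=0
  tmp=$(mktemp -d)
  # Split the bundle into one file per certificate: c1.pem, c2.pem, ...
  awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/{n++} n{print > (d "/c" n ".pem")}' "$1"
  n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true)
  [ "$n" -ge 1 ] || rc=1          # an empty bundle is never acceptable
  i=1
  while [ "$i" -lt "$n" ]; do
    [ "$(cert_name issuer "$tmp/c$i.pem")" = \
      "$(cert_name subject "$tmp/c$((i+1)).pem")" ] || rc=1
    i=$((i+1))
  done
  rm -rf "$tmp"
  return $rc
}
```

Run `chain_order_ok /path/to/bundle.pem` from the renewal job before reloading the service, so a misordered bundle fails the job instead of reaching clients.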