[SFS] MatterMost is encrypted!

Scelza, Jeffrey B Jeffrey.Scelza@charter.com
Mon, 23 Jan 2017 21:58:49 +0000



You are correct, it is just the client that changed its name. (https://github.com/certbot/certbot)

I hear you about Symantec, but unfortunately that decision is way above my pay grade!

From: Aaron Brown <aayore@gmail.com>
Date: Monday, January 23, 2017 at 2:55 PM
To: CTG User <jeffrey.scelza@charter.com>
Cc: "David L. Willson" <DLWillson@thegeek.nu>, sfs <sfs@thegeek.nu>, "David L. Willson" <dlwillson@sofree.us>
Subject: Re: [SFS] MatterMost is encrypted!

I thought Let's Encrypt was still called Let's Encrypt, and CertBot is just a client to perform the automation for you. Either way, I agree that it's really easy once you get it set up. Lower ongoing administrative burden and all that.

A note about Symantec:
http://arstechnica.com/security/2017/01/already-on-probation-symantec-issues-more-illegit-https-certificates/

I haven't had any trouble with browsers trusting Let's Encrypt certs.
https://letsencrypt.org/docs/certificate-compatibility/
Since Mozilla, Chrome, Facebook, etc. are all major sponsors, it seems like they're pretty well-established at this point.

Scelza, Jeffrey B <Jeffrey.Scelza@charter.com>
January 23, 2017 at 1:32 PM
We are actually using Let's Encrypt (Called CertBot now) on many different sites at Charter/TWC. Depending on your application/web container it will auto renew by just adding a script to /etc/crontab.monthly. The trick I learned for some of the servers is if you do a standalone then you need the full chain, including intermediate and CA, in a single file. The ordering of the certs/CA/Intermediate also seems to vary with haproxy, apache, nginx, etc. Hope that helps a bit.

FYI: All our customer facing sites are still using Symantec due to wanting higher verifications.


From: <sfs-admin@thegeek.nu> on behalf of "David L. Willson" <DLWillson@thegeek.nu>
Date: Monday, January 23, 2017 at 11:43 AM
To: Aaron Brown <aayore@gmail.com>
Cc: sfs <sfs@thegeek.nu>, "David L. Willson" <dlwillson@sofree.us>
Subject: Re: [SFS] MatterMost is encrypted!

Gandi's certs are trusted by default in all browsers. Ongoing administrative burden is lower.

I figured I can use Let's Encrypt for more hobbyish things.

I tried to install the cert into Zimbra for an hour. Failed at that.

--
David L. Willson
Teacher, Engineer, Evangelist
RHCE+Satellite CCAH Linux+ LPIC-1 SUSE_CLP LFCS
Mobile 720-333-LANS(5267)
http://sofree.us

This is a good time for a r3VOLution.

________________________________

The contents of this e-mail message and
any attachments are intended solely for the
addressee(s) and may contain confidential
and/or legally privileged information. If you
are not the intended recipient of this message
or if this message has been addressed to you
in error, please immediately alert the sender
by reply e-mail and then delete this message
and any attachments. If you are not the
intended recipient, you are notified that
any use, dissemination, distribution, copying,
or storage of this message or any attachment
is strictly prohibited.

Aaron Brown <aayore@gmail.com>
January 23, 2017 at 11:15 AM
Why did you choose Gandi instead of Let's Encrypt?



