So I finally updated my SSL certificates

Just a note for myself here as I won’t remember it otherwise. Copy domain.crt and gd_bundle.crt to etc/ssl/certs. But for postfix concat domain.crt and gd_bundle.crt to server.pem, that seems to fix postfix. Apache and courier don’t seem to require anything extra to work. Verify with TLS Receiver.

I’m sure the above makes a great deal of sense to you. Had a fairly mundane day apart from that. About to have a shower and eat salad.

Thank you VPN, you’ve officially driven me insane

Got up, PC powered down just as I sat down to it, it’s been running a virus scan all night. Started it up again, twiddled about. Then tried to log into the VPN. Timeout. Great. Uninstalled it, re-installed it. Timeout. Great. Tried VPN on the iMac, timeout. Started shouting at the pfSense firewall. Timeout. Twiddled with pfSense, timeout. Powered off main machine. iMac now connects no problem. Powered on main machine, timeout. Tried iMac, timeout. Powered off main machine, iMac can connect again. Got notebook out, installed Cisco VPN client, connected. Powered on main machine, tried notebook again, timeout. Okay, this was getting weird, something on main machine was causing the VPN to not connect. Powered on main machine, uninstalled and re-installed VPN client. Connected. Notebook, connected. iMac, connected. Open IE, now nothing connects. Restarted main machine, connect to VPN no problem. Opened mail, tried to reconnect, all dead. Hmmm….What’s changed since yesterday, well nothing….except. My old mail server SSL certificates have expired, I never got round to installing the new ones for courier. So finally installed an updated courier.pem file on the mail server, restarted imapd. Flushed the SSL cache, restarted PC. Opened mail, opened IE, connect VPN all fine. So somehow an outdated SSL certificate was causing some authentication error and completely buggered up tunneling on pfSense for all machines. Very very odd, drove me bloody nuts.

Walked the dog.

Ate a sandwich.

Then ended up working solid till gone nine to make up for this mornings problems. Still, got quite a lot done.

Torture porn night, although I think I’ll end up watching Luther.

I had a dream about getting a parking ticket

So I was dreaming…..for some reason I was at a family gathering at a castle. I’d parked the car at a pay and display car park at the bottom of a hill. I was at the castle then had a horrible feeling that I’d failed to buy a ticket. So I walked back down to the car. Sure enough, on the windscreen was a parking ticket for £450. I was rather annoyed so tried to purchase a ticket, but the machine wouldn’t take my money as it was gone past 6PM when then charging stopped. I then woke up.

Spent the day going through conference material. Again, can’t really say any more than that.

Rang up GoDaddy.com about my SSL certificates expiring and asked if I can just change to a 3 year 5 domain one. Apart from the American on the end of the phone continuously to me as ‘you guys’ it was all pretty smooth. It’s now all on one certificate, so I have that on mannmansion, then I added my other blog (and it’s www equivalent) and the pfSense firewall. All is good and now expires 2016, I cocked up a little bit as the original certs don’t expire until the end of July, but considering I only paid a tenner each for them anyway and now got a 40% discount I’m not going to kick up a fuss. Install appears to have gone fine with all Apache sites working fine and mail still appears to be sending (actually I better test that). I need to sort courier out which is the odd one as that uses different certificates based on IP address, I guess I can remove that bit now and just point it to the one. That’ll be a job for another day though. Yes, mail is sending.

Walked the dog. It was very nice lunchtime. She was very well behaved with a couple of other dogs we came across.

Right, I’m done for the day then. Bath and wine.

The joys of SSL

Last night after consuming much wine I decided to delve into the joys of SSL certificates. As I have two sites, then two certificates were required. Now being a cheap scape I looked at all the free solutions and after much research decided they were all a bit bilge. So in the end settle on two ‘normal’ SSL certificates from godaddy.com, which at the moment are doing them for around a tenner each, so worth the punt.

Signing up was a fairly straightforward process, persuading my ca.privacy address to forward their conformation email was a little bit more problematic. But after confirming I was the owner of the domains then getting the certificates was fairly straightforward.

Getting them into Apache was again straightforward and I then had padlocks on my https pages without the browser moaning about dodgy certificates. No green bar, but for that you have to pay about five hundred quid.

Courier was easier than I’d thought, even setting it up with two ip address on two certificates. And I’ve done enough postfix edits now to get that going easily. So now, twenty quid down but no more browser or email moaning and pretty padlocks.

And two nice evenings in a row, but tonight the flies must have stayed on the cycle path as my cycle trip was fairly clear. The gym must be missing me, still it may be pissing down tomorrow.

Oh apparently I’m on a promise tonight, it is a bit warm though.