Re: [Assp-user] SAN ssl suport
Thanks for the reply! Q: you installed a SAN certificate in ASSP so that now ASSP is able to secure connections using such a certificate, ok till now ? >I was using a regular wild card cert until now and yes it was fine (still is as I went back to it) Q: If so, what do you mean by "pull the first domain", that is, "who" complains about the certificate ? > the new cert worked fine as well BUT not on the other domains in the SAN, only the first domain listed in the SAN worked without an SSL mismatch error. > Who complains? the email program gives a certificate warning about the hostname not matching. There is nothing wrong with the actual ssl connection, just the recognition of the OTHER hostnames on the SSl certificate but ill give those commands a try when I can retest the other cert (cant do it during the day) Thanks! John -Original Message- From: Grayhat [mailto:gray...@gmx.net] Sent: June-17-16 3:07 AM To: assp-user@lists.sourceforge.net Subject: Re: [Assp-user] SAN ssl suport :: On Thu, 16 Jun 2016 08:52:09 -0400 :: <072801d1c7cd$e522a0d0$af67e270$@ca> :: "Ethical Host - John MacKenzie" <j...@ethicalhost.ca> wrote: > Have support for SAN wildcard ssl certificates? I tried using it but > assp seemed to only pull the first domain listed on the certificate > for validation which doesn't work for me Hm... not sure I understood; you installed a SAN certificate in ASSP so that now ASSP is able to secure connections using such a certificate, ok till now ? If so, what do you mean by "pull the first domain", that is, "who" complains about the certificate ? Also, when it comes to SSL it's always a good idea to install OpenSSL and then check things using for example a command like openssl s_client -starttls smtp -connect mail.server.name.or.ip:25 and check the results for warnings or errors or, willing to fetch and dump the certificate details, you may use openssl s_client -showcerts -starttls smtp -connect server:25|openssl x509 -text the above will show you all the details of the certificate returned by the server (ASSP in your case) -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. http://sdm.link/zohomanageengine ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. http://sdm.link/zohomanageengine ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] SAN ssl suport
For SMTPS this will IMHO never work per default, because there is no known domain at the moment of ->accept_SSL SSL: The SSL socket is listening. Nobody knows for which domain (if multiple are hosted) the next connection is for. V2 has an option to chose the used certificate for different listeners - Perl skills are required to do this.. STARTTLS: Even here the SMTP protocol does not provide to know the target domain. for example: -> 220 here I am <- EHLO my.domain -> 250-STARTTLS -> 250- -> 250 HELP <- STARTTLS -> 220 go on For both SSL and TLS, SNI may be possible, if the SMTP client sends the SNI TLS extension in its SSL client hello message. Such an environment is not commonly used fro SMTP. The multidomain setup can become very complex - see RFC6698). The latest Perl modules IO::Socket::SSL and Net::SSLeay are required. HTTPS (configuration interface): Here the right certificate will be use, if the latest IO::Socket::SSL and Net::SSLeay(compiled with the latest openssl lib) are used (SNI support) - and the domain/host in the URL is valid (matches a certificate). V2 has an option to chose/verify the used certificate for different listeners - Perl skills are required to do this. Thomas Von:"Ethical Host - John MacKenzie"An: "'For Users of ASSP'" Datum: 16.06.2016 15:22 Betreff:[Assp-user] SAN ssl suport Hi All Does either version of assp (currently im on 1.x but going to be upgrading to 2.x soon) Have support for SAN wildcard ssl certificates? I tried using it but assp seemed to only pull the first domain listed on the certificate for validation which doesn't work for me Thanks John -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421=/41014381 ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user DISCLAIMER: *** This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! *** -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. http://sdm.link/zohomanageengine___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] SAN ssl suport
:: On Thu, 16 Jun 2016 08:52:09 -0400 :: <072801d1c7cd$e522a0d0$af67e270$@ca> :: "Ethical Host - John MacKenzie"wrote: > Have support for SAN wildcard ssl certificates? I tried using it but > assp seemed to only pull the first domain listed on the certificate > for validation which doesn't work for me Hm... not sure I understood; you installed a SAN certificate in ASSP so that now ASSP is able to secure connections using such a certificate, ok till now ? If so, what do you mean by "pull the first domain", that is, "who" complains about the certificate ? Also, when it comes to SSL it's always a good idea to install OpenSSL and then check things using for example a command like openssl s_client -starttls smtp -connect mail.server.name.or.ip:25 and check the results for warnings or errors or, willing to fetch and dump the certificate details, you may use openssl s_client -showcerts -starttls smtp -connect server:25|openssl x509 -text the above will show you all the details of the certificate returned by the server (ASSP in your case) -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. http://sdm.link/zohomanageengine ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] SAN ssl suport
Thanks! anyone else? -Original Message- From: K Post [mailto:nntp.p...@gmail.com] Sent: June-16-16 9:51 AM To: For Users of ASSP Subject: Re: [Assp-user] SAN ssl suport I've got ASSP 2 running with a wildcard certificate, but not a SAN certificate. FYI - I'm having very bad TLS slowness. I wonder if it's the certificate... On Thu, Jun 16, 2016 at 8:52 AM, Ethical Host - John MacKenzie < j...@ethicalhost.ca> wrote: > Hi All > > > > Does either version of assp (currently im on 1.x but going to be > upgrading to 2.x soon) > > Have support for SAN wildcard ssl certificates? I tried using it but > assp seemed to only pull the first domain listed on the certificate > for validation which doesn't work for me > > > > Thanks > > > > John > > > > > > > > -- > What NetFlow Analyzer can do for you? Monitors network > bandwidth and traffic patterns at an interface-level. Reveals which > users, apps, and protocols are consuming the most bandwidth. Provides > multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make > informed decisions using capacity planning reports. > http://pubads.g.doubleclick.net/gampad/clk?id=1444514421=/41014381 > ___ > Assp-user mailing list > Assp-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-user > > -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. http://sdm.link/zohomanageengine ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] SAN ssl suport
I've got ASSP 2 running with a wildcard certificate, but not a SAN certificate. FYI - I'm having very bad TLS slowness. I wonder if it's the certificate... On Thu, Jun 16, 2016 at 8:52 AM, Ethical Host - John MacKenzie < j...@ethicalhost.ca> wrote: > Hi All > > > > Does either version of assp (currently im on 1.x but going to be upgrading > to 2.x soon) > > Have support for SAN wildcard ssl certificates? I tried using it but assp > seemed to only pull the first domain listed on the certificate for > validation which doesn't work for me > > > > Thanks > > > > John > > > > > > > > -- > What NetFlow Analyzer can do for you? Monitors network bandwidth and > traffic > patterns at an interface-level. Reveals which users, apps, and protocols > are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity > planning > reports. > http://pubads.g.doubleclick.net/gampad/clk?id=1444514421=/41014381 > ___ > Assp-user mailing list > Assp-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-user > > -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421=/41014381___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user