Re: [Assp-user] SAN ssl suport

2016-06-17 Thread Ethical Host - John MacKenzie
Thanks for the reply!

Q: you installed a SAN certificate in ASSP so that now ASSP is able to
secure connections using such a certificate, ok till now ? 
>I was using a regular wild card cert until now and yes it was fine (still
is as I went back to it)

Q: If so, what do you mean by "pull the first domain", that is, "who"
complains about the certificate ?
> the new cert worked fine as well BUT not on the other domains in the SAN,
only the first domain listed in the SAN worked without an SSL mismatch
error.
> Who complains? the email program gives a certificate warning about the
hostname not matching.

There is nothing wrong with the actual SSL connection, just the recognition
of the OTHER hostnames on the SSL certificate, but I'll give those commands a
try when I can retest the other cert (can't do it during the day)

Thanks!
John


-Original Message-
From: Grayhat [mailto:gray...@gmx.net] 
Sent: June-17-16 3:07 AM
To: assp-user@lists.sourceforge.net
Subject: Re: [Assp-user] SAN ssl suport

:: On Thu, 16 Jun 2016 08:52:09 -0400
:: <072801d1c7cd$e522a0d0$af67e270$@ca>
:: "Ethical Host - John MacKenzie" <j...@ethicalhost.ca> wrote:

> Have support for SAN wildcard ssl certificates?  I tried using it but 
> assp seemed to only pull the  first domain listed on the certificate 
> for validation which doesn't work for me

Hm... not sure I understood; you installed a SAN certificate in ASSP so that
now ASSP is able to secure connections using such a certificate, ok till now
? If so, what do you mean by "pull the first domain", that is, "who"
complains about the certificate ? Also, when it comes to SSL it's always a
good idea to install OpenSSL and then check things using for example a
command like

openssl s_client -starttls smtp -connect mail.server.name.or.ip:25

and check the results for warnings or errors or, willing to fetch and dump
the certificate details, you may use 

openssl s_client -showcerts -starttls smtp -connect server:25|openssl x509 -text

the above will show you all the details of the certificate returned by the
server (ASSP in your case)









--
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning reports. http://sdm.link/zohomanageengine
___
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user




Re: [Assp-user] SAN ssl suport

2016-06-17 Thread Thomas Eckardt
For SMTPS this will IMHO never work per default, because there is no known 
domain at the moment of ->accept_SSL

SSL:
The SSL socket is listening. Nobody knows for which domain (if multiple 
are hosted) the next connection is for.
V2 has an option to choose the used certificate for different listeners - 
Perl skills are required to do this.

STARTTLS:
Even here the SMTP protocol does not provide a way to know the target domain.
For example:
-> 220 here I am
<- EHLO my.domain
-> 250-STARTTLS
-> 250-
-> 250 HELP
<- STARTTLS
-> 220 go on

For both SSL and TLS, SNI may be possible, if the SMTP client sends the 
SNI TLS extension in its SSL client hello message. Such an environment is 
not commonly used for SMTP.
The multidomain setup can become very complex (see RFC6698).
The latest Perl modules IO::Socket::SSL and Net::SSLeay are required.


HTTPS (configuration interface):
Here the right certificate will be used, if the latest IO::Socket::SSL and 
Net::SSLeay (compiled with the latest openssl lib) are used (SNI support) - 
and the domain/host in the URL is valid (matches a certificate).
V2 has an option to choose/verify the used certificate for different 
listeners - Perl skills are required to do this.

Thomas



From: "Ethical Host - John MacKenzie"
To: "'For Users of ASSP'"
Date: 16.06.2016 15:22
Subject: [Assp-user] SAN ssl suport



Hi All

Does either version of assp (currently I'm on 1.x but going to be upgrading
to 2.x soon) have support for SAN wildcard ssl certificates? I tried using it
but assp seemed to only pull the first domain listed on the certificate for
validation which doesn't work for me

Thanks

John


Re: [Assp-user] SAN ssl suport

2016-06-17 Thread Grayhat
:: On Thu, 16 Jun 2016 08:52:09 -0400
:: <072801d1c7cd$e522a0d0$af67e270$@ca>
:: "Ethical Host - John MacKenzie"  wrote:

> Have support for SAN wildcard ssl certificates?  I tried using it but
> assp seemed to only pull the  first domain listed on the certificate
> for validation which doesn't work for me

Hm... not sure I understood; you installed a SAN certificate in ASSP so
that now ASSP is able to secure connections using such a certificate,
ok till now ? If so, what do you mean by "pull the first domain", that
is, "who" complains about the certificate ? Also, when it comes to SSL
it's always a good idea to install OpenSSL and then check things using
for example a command like

openssl s_client -starttls smtp -connect mail.server.name.or.ip:25

and check the results for warnings or errors or, willing to fetch and
dump the certificate details, you may use 

openssl s_client -showcerts -starttls smtp -connect server:25|openssl x509 -text

the above will show you all the details of the certificate returned by
the server (ASSP in your case)
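
Added example (not part of the original thread, and not ASSP code): a Python check of which hostnames a certificate's subjectAltName list covers, which is the comparison a mail client makes before it shows a hostname mismatch warning. The certificate and hostnames are constructed samples; fetch_cert() is a hypothetical helper that needs network access to a real server.

```python
import smtplib
import ssl

# Constructed sample, shaped like the dict ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.example.org"),),),
    "subjectAltName": (
        ("DNS", "mail.example.org"),
        ("DNS", "mail.example.net"),
        ("DNS", "*.example.com"),
    ),
}

def san_dns_names(cert):
    """Return the DNS entries of the certificate's subjectAltName extension."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def name_matches(pattern, hostname):
    """Wildcard is accepted only as the whole left-most label and covers one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]  # refuse "*.com"-style patterns
    return p == h

def san_coverage(cert, hostnames):
    """Map each hostname to the SAN entry covering it, or None (client would warn)."""
    names = san_dns_names(cert)
    return {h: next((n for n in names if name_matches(n, h)), None) for h in hostnames}

def fetch_cert(hostname, port=25):
    """Hypothetical helper: certificate offered after STARTTLS to a client that
    connects to `hostname` (smtplib also sends that name as SNI). Needs network."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names are checked above
    with smtplib.SMTP(hostname, port, timeout=15) as smtp:
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert()

if __name__ == "__main__":
    hosts = ["mail.example.org", "mail.example.net", "smtp.example.com", "example.com"]
    for host, san in san_coverage(SAMPLE_CERT, hosts).items():
        print(f"{host:20} {'covered by ' + san if san else 'NOT covered: mismatch warning'}")
```

Against a live server, pass fetch_cert(name) for each hosted name in place of SAMPLE_CERT; a name reported as not covered is one that mail clients will flag.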










Re: [Assp-user] SAN ssl suport

2016-06-16 Thread Ethical Host - John MacKenzie
Thanks! anyone else?

-Original Message-
From: K Post [mailto:nntp.p...@gmail.com] 
Sent: June-16-16 9:51 AM
To: For Users of ASSP
Subject: Re: [Assp-user] SAN ssl suport

I've got ASSP 2 running with a wildcard certificate, but not a SAN certificate.

FYI - I'm having very bad TLS slowness.  I wonder if it's the certificate...

On Thu, Jun 16, 2016 at 8:52 AM, Ethical Host - John MacKenzie <j...@ethicalhost.ca> wrote:

> Hi All
>
> Does either version of assp (currently I'm on 1.x but going to be
> upgrading to 2.x soon) have support for SAN wildcard ssl certificates?
> I tried using it but assp seemed to only pull the first domain listed
> on the certificate for validation which doesn't work for me
>
> Thanks
>
> John


Re: [Assp-user] SAN ssl suport

2016-06-16 Thread K Post
I've got ASSP 2 running with a wildcard certificate, but not a SAN
certificate.

FYI - I'm having very bad TLS slowness.  I wonder if it's the certificate...

On Thu, Jun 16, 2016 at 8:52 AM, Ethical Host - John MacKenzie <j...@ethicalhost.ca> wrote:

> Hi All
>
> Does either version of assp (currently I'm on 1.x but going to be
> upgrading to 2.x soon) have support for SAN wildcard ssl certificates?
> I tried using it but assp seemed to only pull the first domain listed
> on the certificate for validation which doesn't work for me
>
> Thanks
>
> John