Rootmanual:SSL: Skillnad mellan sidversioner
Hoppa till navigering
Hoppa till sök
Busk (diskussion | bidrag) (installerade en hög certs.) |
Busk (diskussion | bidrag) mIngen redigeringssammanfattning |
||
Rad 10: | Rad 10: | ||
|webware ||admin ||443 || 100 || 95 || 90 || 90 || 2014-11-17 || 2017-11-16 || RSA2048 ||SHA256wRSA || Y || Y || Y || N || N || Y || Y || Y || Y || Y || "intermediate" || |
|webware ||admin ||443 || 100 || 95 || 90 || 90 || 2014-11-17 || 2017-11-16 || RSA2048 ||SHA256wRSA || Y || Y || Y || N || N || Y || Y || Y || Y || Y || "intermediate" || |
||
|- |
|- |
||
|bugzilla||bugzilla||443||100 || 95 || 80 || 90 || 2015-02-03 || 2018-02-02 || RSA2048 || |
|bugzilla||bugzilla||443||100 || 95 || 80 || 90 || 2015-02-03 || 2018-02-02 || RSA2048 || SHA256wRSA || Y || Y || Y || N || N || Y || Y || N || N || N || "intermediate" när OCSP || Kortvarig HSTS, OBS: Alternative name: *.bug-attachments.lysator.liu.se |
||
|- |
|- |
||
|datorhandbok||datorhandbok||443||100||95||80||90||2015-02-03 || 2018-02-02 || RSA2048 || |
|datorhandbok||datorhandbok||443||100||95||80||90||2015-02-03 || 2018-02-02 || RSA2048 || SHA256wRSA || Y || Y || Y || N || N || Y || N || N || N || N || "intermediate" när OCSP || |
||
|- |
|- |
||
|enodia ||enpdia ||443 || 100 || 95 || 80 || 90 || 2012-07-26 || 2015-07-27 || RSA2048 || SHA1wRSA || Y || Y || Y || N || N || Y || N || N || N || N || "intermediate" när OCSP och SHA256 || |
|enodia ||enpdia ||443 || 100 || 95 || 80 || 90 || 2012-07-26 || 2015-07-27 || RSA2048 || SHA1wRSA || Y || Y || Y || N || N || Y || N || N || N || N || "intermediate" när OCSP och SHA256 || |
||
Rad 20: | Rad 20: | ||
|gluten || git || 443 || 100 || 95 || 80 || 90 || 2015-02-03 || 2018-02-02 || RSA2048 || SHA2wRSA || Y || Y || Y || N || N || Y || Y || N || Y || N || "intermediate" || |
|gluten || git || 443 || 100 || 95 || 80 || 90 || 2015-02-03 || 2018-02-02 || RSA2048 || SHA2wRSA || Y || Y || Y || N || N || Y || Y || N || Y || N || "intermediate" || |
||
|- |
|- |
||
|httpkom ||httpkom ||443 || 100 || 95 || 90 || 90 || 2015-02-03 || 2018-02-02 || RSA2048 || |
|httpkom ||httpkom ||443 || 100 || 95 || 90 || 90 || 2015-02-03 || 2018-02-02 || RSA2048 || SHA256wRSA || Y || Y || Y || N || N || Y || N || N || N || N || "intermediate" när OCSP || |
||
|- |
|- |
||
|bernadotte ||imap || 143 || || || || || 2012-09-02||2015-09-02 || || || || || || || || || || || || || || |
|bernadotte ||imap || 143 || || || || || 2012-09-02||2015-09-02 || || || || || || || || || || || || || || |
||
Rad 26: | Rad 26: | ||
|jabber || lysator.liu.se ||5222|| || || || || 2015-02-03 || 2018-02-02 || RSA2048 || SHA256wRSA || || || || || || || || || || || || [https://xmpp.net/result.php?domain=lysator.liu.se&type=client IM Observatory], Observera CN vid förnyande |
|jabber || lysator.liu.se ||5222|| || || || || 2015-02-03 || 2018-02-02 || RSA2048 || SHA256wRSA || || || || || || || || || || || || [https://xmpp.net/result.php?domain=lysator.liu.se&type=client IM Observatory], Observera CN vid förnyande |
||
|- |
|- |
||
|jskom ||jskom ||443 || 100 || 95 || 90 || 90 || 2015-02-03 || 2018-02-02 || RSA2048 || |
|jskom ||jskom ||443 || 100 || 95 || 90 || 90 || 2015-02-03 || 2018-02-02 || RSA2048 || SHA256wRSA || Y || Y || Y || N || N || Y || N || N || N || N || "intermediate" när OCSP || |
||
|- |
|- |
||
|ldap || ldap || || || |||| || 2014-11-17 || 2017-11-16 || RSA2048 || SHA256wRSA || || || || || || || || || || || || |
|ldap || ldap || || || |||| || 2014-11-17 || 2017-11-16 || RSA2048 || SHA256wRSA || || || || || || || || || || || || |
||
Rad 38: | Rad 38: | ||
|medreg|| medreg|| 443 || 100 || 95 || 80 || 90|| 2015-02-03 || 2018-02-02 || RSA2048 || SHA256wRSA || Y || Y || Y || N || N || Y || N || N || N || N || "intermediate" när OCSP || |
|medreg|| medreg|| 443 || 100 || 95 || 80 || 90|| 2015-02-03 || 2018-02-02 || RSA2048 || SHA256wRSA || Y || Y || Y || N || N || Y || N || N || N || N || "intermediate" när OCSP || |
||
|- |
|- |
||
|mrtg||mrtg || 443 || 100 || 95 || 90 || 90 || 2015-02-03 || 2018-02-02 || RSA2048 || |
|mrtg||mrtg || 443 || 100 || 95 || 90 || 90 || 2015-02-03 || 2018-02-02 || RSA2048 || SHA256wRSA || Y || Y || Y || N || N || Y || Y || Y || Y || Y || "intermediate" || |
||
|- |
|- |
||
|nagios||nagios || 443 || 100 || 95 || 90 || 90 || 2015-02-03 || 2018-02-02 || RSA2048 || |
|nagios||nagios || 443 || 100 || 95 || 90 || 90 || 2015-02-03 || 2018-02-02 || RSA2048 || SHA256wRSA || Y || Y || Y || N || N || Y || N || Y || Y || Y || "intermediate" || |
||
|- |
|- |
||
|nagiosql||nagiosql || 443 || 100 || 95 || 90 || 90 || 2015-02-03 || 2018-02-02 || RSA2048 || |
|nagiosql||nagiosql || 443 || 100 || 95 || 90 || 90 || 2015-02-03 || 2018-02-02 || RSA2048 || SHA256wRSA || Y || Y || Y || N || N || Y || Y || Y || Y || Y || "intermediate" || |
||
|- |
|- |
||
|pop ||pop || || || || || || || || || || || || || || || || || || || || || |
|pop ||pop || || || || || || || || || || || || || || || || || || || || || |
||
|- |
|- |
||
|proxar ||proxar || 8006 || || || || || 2015-02-03 || 2018-02-02 || || |
|proxar ||proxar || 8006 || || || || || 2015-02-03 || 2018-02-02 || RSA2048 ||SHA256wRSA|| || || || || || || || || || ||bad || |
||
|- |
|- |
||
|proxer ||proxer || 8006 || || || || || 2015-02-03 || 2018-02-02 || || || || || || || || || || || || ||bad || |
|proxer ||proxer || 8006 || || || || || 2015-02-03 || 2018-02-02 || RSA2048 ||SHA256wRSA || || || || || || || || || || ||bad || |
||
|- |
|||
|radius ||radius|| 2083 || || || || || 2014-??-?? || 2017-??-?? || RSA2048 || SHA2wRSA || Y||Y ||Y ||N || N || || || || || || ||ej sökt, kanske inte behövs |
|||
|- |
|- |
||
|thinlinc ||thinlinc || || || || || || || || || || || || || || || || || || || || || |
|thinlinc ||thinlinc || || || || || || || || || || || || || || || || || || || || || |
Versionen från 10 februari 2015 kl. 19.35
https://www.ssllabs.com/ssltest/analyze.html är användbar för snabb överblick över vad som kan förbättras för ett cert, även https://github.com/jvehent/cipherscan med bl.a. analyze.py kan vara behjälplig.
https://wiki.mozilla.org/Security/Server_Side_TLS går igenom mycket som är bra att veta om hur man ställer in sin httpd, t.ex. cipher suites osv.
Inventering av certifikat
host | CN | port | Certificate | Protocol support | Key exchange | Cipher strength | Valid from | Valid until | Key | Signature algorithm | TLS1.2 | TLS1.1 | TLS1.0 | SSL3 | SSL2 | PFS | HSTS | OCSP | NPN | SPDY | analyze.py (mozilla-nivå) | annat |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
webware | admin | 443 | 100 | 95 | 90 | 90 | 2014-11-17 | 2017-11-16 | RSA2048 | SHA256wRSA | Y | Y | Y | N | N | Y | Y | Y | Y | Y | "intermediate" | |
bugzilla | bugzilla | 443 | 100 | 95 | 80 | 90 | 2015-02-03 | 2018-02-02 | RSA2048 | SHA256wRSA | Y | Y | Y | N | N | Y | Y | N | N | N | "intermediate" när OCSP | Kortvarig HSTS, OBS: Alternative name: *.bug-attachments.lysator.liu.se |
datorhandbok | datorhandbok | 443 | 100 | 95 | 80 | 90 | 2015-02-03 | 2018-02-02 | RSA2048 | SHA256wRSA | Y | Y | Y | N | N | Y | N | N | N | N | "intermediate" när OCSP | |
enodia | enpdia | 443 | 100 | 95 | 80 | 90 | 2012-07-26 | 2015-07-27 | RSA2048 | SHA1wRSA | Y | Y | Y | N | N | Y | N | N | N | N | "intermediate" när OCSP och SHA256 | |
ftp | ftp | 443 | 100 | 95 | 90 | 90 | 2014-04-23 | 2017-04-22 | RSA2048 | SHA1wRSA | Y | Y | Y | N | N | Y | Y | Y | Y | Y | "intermediate" när SHA256 | |
gluten | git | 443 | 100 | 95 | 80 | 90 | 2015-02-03 | 2018-02-02 | RSA2048 | SHA2wRSA | Y | Y | Y | N | N | Y | Y | N | Y | N | "intermediate" | |
httpkom | httpkom | 443 | 100 | 95 | 90 | 90 | 2015-02-03 | 2018-02-02 | RSA2048 | SHA256wRSA | Y | Y | Y | N | N | Y | N | N | N | N | "intermediate" när OCSP | |
bernadotte | imap | 143 | 2012-09-02 | 2015-09-02 | ||||||||||||||||||
jabber | lysator.liu.se | 5222 | 2015-02-03 | 2018-02-02 | RSA2048 | SHA256wRSA | IM Observatory, Observera CN vid förnyande | |||||||||||||||
jskom | jskom | 443 | 100 | 95 | 90 | 90 | 2015-02-03 | 2018-02-02 | RSA2048 | SHA256wRSA | Y | Y | Y | N | N | Y | N | N | N | N | "intermediate" när OCSP | |
ldap | ldap | 2014-11-17 | 2017-11-16 | RSA2048 | SHA256wRSA | |||||||||||||||||
bernadotte | lists | 443 | 100 | 95 | 80 | 90 | 2014-11-17 | 2017-11-16 | RSA2048 | SHA256wRSA | Y | Y | Y | N | N | Y | N | N | N | N | "intermediate" om OCSP | |
login | login | 443 | 100 | 95 | 90 | 90 | 2015-02-03 | 2018-02-02 | RSA2048 | SHA256wRSA | Y | Y | Y | N | N | Y | Y | Y | Y | Y | "intermediate" | |
bernadotte | 25 | 2012-09-02 | 2015-09-02 | |||||||||||||||||||
medreg | medreg | 443 | 100 | 95 | 80 | 90 | 2015-02-03 | 2018-02-02 | RSA2048 | SHA256wRSA | Y | Y | Y | N | N | Y | N | N | N | N | "intermediate" när OCSP | |
mrtg | mrtg | 443 | 100 | 95 | 90 | 90 | 2015-02-03 | 2018-02-02 | RSA2048 | SHA256wRSA | Y | Y | Y | N | N | Y | Y | Y | Y | Y | "intermediate" | |
nagios | nagios | 443 | 100 | 95 | 90 | 90 | 2015-02-03 | 2018-02-02 | RSA2048 | SHA256wRSA | Y | Y | Y | N | N | Y | N | Y | Y | Y | "intermediate" | |
nagiosql | nagiosql | 443 | 100 | 95 | 90 | 90 | 2015-02-03 | 2018-02-02 | RSA2048 | SHA256wRSA | Y | Y | Y | N | N | Y | Y | Y | Y | Y | "intermediate" | |
pop | pop | |||||||||||||||||||||
proxar | proxar | 8006 | 2015-02-03 | 2018-02-02 | RSA2048 | SHA256wRSA | bad | |||||||||||||||
proxer | proxer | 8006 | 2015-02-03 | 2018-02-02 | RSA2048 | SHA256wRSA | bad | |||||||||||||||
thinlinc | thinlinc | |||||||||||||||||||||
webkom | webkom | 443 | 100 | 95 | 90 | 90 | 2012-07-26 | 2015-09-01 | RSA2048 | SHA1wRSA | Y | Y | Y | N | N | Y | N | N | N | N | "intermediate" när OCSP och SHA256 | |
bernadotte | webmail | 443 | 100 | 95 | 80 | 90 | 2012-07-26 | 2015-09-01 | RSA2048 | SHA1wRSA | Y | Y | Y | N | N | Y | N | N | N | N | "intermediate" när OCSP och SHA256 | |
webware | webware | 443 | 100 | 95 | 80 | 90 | 2012-07-26 | 2015-07-27 | RSA2048 | SHA1wRSA | Y | Y | Y | N | N | P | N | N | N | N | "intermediate" när OCSP och SHA256 | |
nyarlathotep | www | 443 | 100 | 95 | 80 | 90 | 2014-04-23 | 2017-04-22 | RSA2048 | SHA1wRSA | Y | Y | Y | N | N | Y | N | N | N | N | "intermediate" när OCSP och SHA256 |
P = Partial
Situationen generellt nu är att SHA1 bör ersättas med SHA256 innan 2016, vilket gör att det vore bra ifall alla certifikat vi har låtit få utgivna sammanställdes t.ex. här, så att man enkelt kan söka dem i klump när det väl drar ihop sig.